public async Task Sign()
{
var keySignRequests = new[]
{
new KeySignRequest(U2FVersion.V2, BROWSER_DATA_SIGN_SHA256, APP_ID_SIGN_SHA256, KEY_HANDLE)
};
keyOperations
.Setup(
x => x.SignAsync(
It.Is<ICollection<KeySignRequest>>(reqs => reqs.SequenceEqual(keySignRequests)),
It.IsAny<CancellationToken>(),
false))
.Returns(
(ICollection<KeySignRequest> reqs, CancellationToken ct, bool individualAttest) =>
Task.FromResult(
SignOperationResult.Success(
reqs.Single(),
new KeySignResponse(
UserPresenceVerifierConstants.UserPresentFlag,
COUNTER_VALUE,
SIGNATURE_AUTHENTICATE))));
var signRequest = new SignRequest(U2FConsts.U2Fv2, SERVER_CHALLENGE_SIGN_BASE64, APP_ID_SIGN, KEY_HANDLE_BASE64, SESSION_ID);
var result = await u2FClient.Sign(new[] {signRequest}, CancellationToken.None);
Assert.AreEqual(new SignResponse
(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64, SERVER_CHALLENGE_SIGN_BASE64
, SESSION_ID, APP_ID_SIGN), result);
}
public static KeySignRequest SignRequestToAuthenticateRequest(string origin, SignRequest signRequest, JObject channelIdJson,
out string clientData, IClientCrypto crypto)
{
clientData = ClientDataCodec.EncodeClientData(ClientDataCodec.RequestTypeAuthenticate, signRequest.Challenge,
origin, channelIdJson);
var clientDataSha256 = crypto.ComputeSha256(clientData);
var appIdSha256 = crypto.ComputeSha256(signRequest.AppId);
var keyHandle = WebSafeBase64Converter.FromBase64String(signRequest.KeyHandle);
return new KeySignRequest(U2FVersion.V2,
clientDataSha256, appIdSha256, keyHandle);
}
public virtual void TestAuthenticate()
{
var signRequest = new SignRequest(U2FConsts.U2Fv2, SERVER_CHALLENGE_SIGN_BASE64, APP_ID_SIGN, KEY_HANDLE_BASE64, SESSION_ID);
mockU2FServer.Setup(x => x.GetSignRequests(ACCOUNT_NAME, ORIGIN))
.Returns(new[] { signRequest });
mockOriginVerifier.Setup(x => x.ValidateOrigin(APP_ID_SIGN, ORIGIN));
mockU2FKey.Setup(x => x.Authenticate(new KeySignRequest(U2FVersion.V2, BROWSER_DATA_SIGN_SHA256, APP_ID_SIGN_SHA256, KEY_HANDLE)))
.Returns(new KeySignResponse(UserPresenceVerifierConstants.UserPresentFlag, COUNTER_VALUE, SIGNATURE_AUTHENTICATE));
mockU2FServer.Setup(x => x.ProcessSignResponse(new SignResponse
(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64, SERVER_CHALLENGE_SIGN_BASE64
, SESSION_ID, APP_ID_SIGN))).Returns(new SecurityKeyData
(0L, KEY_HANDLE, USER_PUBLIC_KEY_ENROLL_HEX, VENDOR_CERTIFICATE, 0));
u2FClient.Authenticate(ORIGIN, ACCOUNT_NAME);
}
public virtual void TestGetSignRequest()
{
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
mockChallengeGenerator.Setup(x => x.GenerateChallenge(ACCOUNT_NAME))
.Returns(SERVER_CHALLENGE_SIGN);
var signRequest = u2FServer.GetSignRequests(ACCOUNT_NAME, APP_ID_SIGN);
var expected = new SignRequest("U2F_V2", SERVER_CHALLENGE_SIGN_BASE64, APP_ID_SIGN, KEY_HANDLE_BASE64,
SESSION_ID);
Assert.AreEqual(expected, signRequest[0]);
}
private SignInfo GenerateSignInfo(SignRequest signRequest)
{
var clientDataB64 = ClientDataCodec.EncodeClientData(ClientDataCodec.RequestTypeAuthenticate, signRequest.Challenge,
sender.Origin, sender.ChannelId);
var clientDataSha256 = crypto.ComputeSha256(clientDataB64);
var appIdSha256 = crypto.ComputeSha256(signRequest.AppId);
var keyHandle = WebSafeBase64Converter.FromBase64String(signRequest.KeyHandle);
var authRequest = new KeySignRequest(U2FVersion.V2,
clientDataSha256, appIdSha256, keyHandle);
return new SignInfo(signRequest, clientDataB64, authRequest);
}
public SignInfo(SignRequest signRequest, string clientDataBase64, KeySignRequest keySignRequest)
{
ClientDataBase64 = clientDataBase64;
KeySignRequest = keySignRequest;
SignRequest = signRequest;
}
public async Task Register()
{
var keySignRequests = new[] { new KeySignRequest(U2FVersion.V2, BROWSER_DATA_SIGN_SHA256, APP_ID_SIGN_SHA256, KEY_HANDLE) };
var keyRegisterRequests = new[] {new KeyRegisterRequest(APP_ID_ENROLL_SHA256, BROWSER_DATA_ENROLL_SHA256)};
keyOperations
.Setup(
x => x.RegisterAsync(
It.Is<ICollection<KeyRegisterRequest>>(reqs => reqs.SequenceEqual(keyRegisterRequests)),
It.Is<ICollection<KeySignRequest>>(reqs => reqs.SequenceEqual(keySignRequests)),
It.IsAny<CancellationToken>()))
.Returns(
(ICollection<KeyRegisterRequest> registerReqs, ICollection<KeySignRequest> signReqs, CancellationToken ct) =>
Task.FromResult(
RegisterOperationResult.Success(
registerReqs.Single(),
new KeyRegisterResponse(
USER_PUBLIC_KEY_ENROLL_HEX,
KEY_HANDLE,
VENDOR_CERTIFICATE,
SIGNATURE_ENROLL))));
var signRequest = new SignRequest(U2FConsts.U2Fv2, SERVER_CHALLENGE_SIGN_BASE64, APP_ID_SIGN, KEY_HANDLE_BASE64, SESSION_ID);
var registerRequest = new RegisterRequest(U2FConsts.U2Fv2, SERVER_CHALLENGE_ENROLL_BASE64, APP_ID_ENROLL, SESSION_ID);
var result = await u2FClient.Register(new [] { registerRequest }, new[] { signRequest }, CancellationToken.None);
Assert.AreEqual(new RegisterResponse(REGISTRATION_DATA_BASE64, BROWSER_DATA_ENROLL_BASE64, SESSION_ID), result);
}
