/// <summary>
/// Persists a new credential and returns the same instance once it has been saved.
/// </summary>
/// <param name="newFido2Credential">Credential to track and store; its <c>ApplicationUserId</c> is expected to be set by the caller.</param>
/// <returns>The credential that was passed in, after <c>SaveChangesAsync</c> completed.</returns>
public async Task<Fido2Credential> AddCredentialToUser(Fido2Credential newFido2Credential)
{
    // Track the entity on the shared context, then flush in one round-trip.
    _db.Fido2Credentials.Add(newFido2Credential);
    await _db.SaveChangesAsync();

    return newFido2Credential;
}
/// <summary>
/// One-off migration: converts every stored legacy U2F device into a FIDO2 credential
/// and deletes the U2F row. All conversions are committed in a single
/// <c>SaveChangesAsync</c>, so the migration is all-or-nothing.
/// </summary>
private async Task MigrateU2FToFIDO2()
{
    await using var ctx = _DBContextFactory.CreateContext();

    // Materialise first: entities are removed from the same context while iterating.
    var legacyDevices = await ctx.U2FDevices.ToListAsync();

    foreach (var device in legacyDevices)
    {
        var migrated = new Fido2Credential
        {
            ApplicationUserId = device.ApplicationUserId,
            Name = device.Name,
            Type = Fido2Credential.CredentialType.FIDO2,
        };

        var blob = new Fido2CredentialBlob
        {
            // NOTE(review): Counter is cast to uint; a negative stored value would wrap — confirm the column range.
            SignatureCounter = (uint)device.Counter,
            // Re-encode the raw U2F registration public key into the COSE form the FIDO2 path expects.
            PublicKey = CreatePublicKeyFromU2fRegistrationData(device.PublicKey).EncodeToBytes(),
            // U2F has no user handle; the key handle is reused for both fields here.
            UserHandle = device.KeyHandle,
            Descriptor = new PublicKeyCredentialDescriptor(device.KeyHandle),
            // Marks the credential as a migrated U2F key so verification can apply U2F rules.
            CredType = "u2f",
        };

        migrated.SetBlob(blob);

        await ctx.AddAsync(migrated);
        ctx.Remove(device);
    }

    await ctx.SaveChangesAsync();
}
/// <summary>
/// Decodes the zipped JSON payload stored in <see cref="Fido2Credential.Blob"/>.
/// </summary>
/// <param name="credential">Credential whose blob is read. Only meaningful for FIDO2 credentials:
/// an LNURLAuth credential stores raw public-key bytes in <c>Blob</c>, not a zipped JSON document,
/// and unzipping those bytes will fail.</param>
/// <returns>
/// A fresh, empty <see cref="Fido2CredentialBlob"/> when no blob is stored; otherwise the
/// deserialised blob (may be null if the stored JSON is the literal <c>null</c>).
/// </returns>
public static Fido2CredentialBlob GetFido2Blob(this Fido2Credential credential)
{
    if (credential.Blob is null)
    {
        return new Fido2CredentialBlob();
    }

    var json = ZipUtils.Unzip(credential.Blob);
    return JObject.Parse(json).ToObject<Fido2CredentialBlob>();
}
/// <summary>
/// Replaces the credential's stored blob with <paramref name="descriptor"/>, marking the
/// credential as FIDO2. The write is skipped when the serialised form is unchanged.
/// </summary>
/// <param name="credential">Credential to update in place.</param>
/// <param name="descriptor">New blob content.</param>
/// <returns><c>true</c> when <c>Blob</c>/<c>Type</c> were modified; <c>false</c> when the content was already identical.</returns>
public static bool SetBlob(this Fido2Credential credential, Fido2CredentialBlob descriptor)
{
    // Compare canonical JSON rather than object graphs so unchanged content is detected.
    var currentJson = new Serializer(null).ToString(credential.GetFido2Blob());
    var incomingJson = new Serializer(null).ToString(descriptor);

    if (currentJson != incomingJson)
    {
        credential.Type = Fido2Credential.CredentialType.FIDO2;
        credential.Blob = ZipUtils.Zip(incomingJson);
        return true;
    }

    return false;
}
/// <summary>
/// Finishes a FIDO2 registration ceremony: verifies the authenticator's attestation response
/// against the pending creation options for <paramref name="userId"/> and stores the
/// resulting credential.
/// </summary>
/// <param name="userId">Id of the user registering the authenticator; also the key under which the pending options live in <c>CreationStore</c>.</param>
/// <param name="name">Display name to store with the credential.</param>
/// <param name="data">JSON-encoded <c>AuthenticatorAttestationRawResponse</c>.</param>
/// <returns>
/// <c>true</c> when the credential was verified and persisted; <c>false</c> for any failure
/// (unknown user, no pending challenge, malformed input, failed verification, or a database error).
/// The cause is not surfaced to the caller.
/// </returns>
public async Task<bool> CompleteCreation(string userId, string name, string data)
{
    try
    {
        // 1. Parse the raw attestation response supplied by the caller
        var attestationResponse = JObject.Parse(data).ToObject<AuthenticatorAttestationRawResponse>();
        await using var dbContext = _contextFactory.CreateContext();
        var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
            .FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
        // A challenge that was never issued (or already consumed) cannot be completed.
        if (user == null || !CreationStore.TryGetValue(userId, out var options))
        {
            return(false);
        }
        // 2. Verify and make the credentials
        // NOTE(review): the uniqueness callback always answers true, so the library's check that the
        // credential id is not already registered to another user is effectively skipped — confirm intended.
        var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, args => Task.FromResult(true));
        // 3. Store the credentials in db
        var newCredential = new Fido2Credential() { Name = name, ApplicationUserId = userId };
        newCredential.SetBlob(new Fido2CredentialBlob()
        {
            Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
            PublicKey = success.Result.PublicKey,
            UserHandle = success.Result.User.Id,
            SignatureCounter = success.Result.Counter,
            CredType = success.Result.CredType,
            AaGuid = success.Result.Aaguid.ToString(),
        });
        await dbContext.Fido2Credentials.AddAsync(newCredential);
        await dbContext.SaveChangesAsync();
        // The pending challenge is consumed only after the credential is durably stored.
        CreationStore.Remove(userId, out _);
        return(true);
    }
    catch (Exception)
    {
        // Every failure mode (bad JSON, verification failure, db error) collapses to false.
        return(false);
    }
}
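/// <summary>
/// Finishes an LNURL-auth linking ceremony: checks that <paramref name="sig"/> is a valid
/// signature by <paramref name="pubKey"/> over the pending <c>k1</c> challenge issued for
/// <paramref name="userId"/>, then stores the linking key as an <c>LNURLAuth</c> credential.
/// </summary>
/// <param name="name">Display name to store with the credential.</param>
/// <param name="userId">Id of the user linking the key.</param>
/// <param name="sig">Signature over the pending challenge.</param>
/// <param name="pubKey">Linking key that produced <paramref name="sig"/>; its raw bytes are stored in <c>Blob</c>
/// (no zipped JSON, unlike FIDO2 credentials).</param>
/// <returns>
/// <c>true</c> when the key was verified and persisted; <c>false</c> when there is no pending
/// challenge, the user is unknown, the key is already linked to any account, the signature
/// does not verify, or an exception occurred. The cause is not surfaced to the caller.
/// </returns>
public async Task<bool> CompleteCreation(string name, string userId, ECDSASignature sig, PubKey pubKey)
{
    try
    {
        await using var dbContext = _contextFactory.CreateContext();
        var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
            .FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
        var pubkeyBytes = pubKey.ToBytes();

        // The pending challenge is keyed by the lower-cased user id. The same key must be used
        // for the lookup and for the removal below; otherwise a successful registration could
        // leave the consumed k1 in the store.
        var challengeKey = userId.ToLowerInvariant();

        // The key-reuse check deliberately spans all users: one linking key bound to two
        // accounts would be ambiguous at login time.
        if (!CreationStore.TryGetValue(challengeKey, out var k1)
            || user == null
            || await dbContext.Fido2Credentials.AnyAsync(credential =>
                credential.Type == Fido2Credential.CredentialType.LNURLAuth
                && credential.Blob == pubkeyBytes))
        {
            return false;
        }

        if (!global::LNURL.LNAuthRequest.VerifyChallenge(sig, pubKey, k1))
        {
            return false;
        }

        var newCredential = new Fido2Credential()
        {
            Name = name,
            ApplicationUserId = userId,
            Type = Fido2Credential.CredentialType.LNURLAuth,
            Blob = pubkeyBytes
        };
        await dbContext.Fido2Credentials.AddAsync(newCredential);
        await dbContext.SaveChangesAsync();

        // Consume the challenge only after the credential is durably stored.
        CreationStore.Remove(challengeKey, out _);
        return true;
    }
    catch (Exception)
    {
        // Every failure mode (db error, verification exception) collapses to false.
        return false;
    }
}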
/// <summary>
/// Tracks <paramref name="cred"/> as an added entity on the context. Nothing is written
/// until the caller saves changes.
/// </summary>
/// <param name="cred">Credential to stage for insertion.</param>
public void AddCredential(Fido2Credential cred)
{
    // Untyped Add: the context infers the entity type from the instance.
    _db.Add(cred);
}