/// <summary>
/// Persists a new FIDO2 credential on the shared context and hands the same instance back.
/// </summary>
/// <param name="newFido2Credential">Credential to insert; persisted as given (no validation here).</param>
/// <returns>The instance passed in, after <c>SaveChangesAsync</c> has completed.</returns>
public async Task <Fido2Credential> AddCredentialToUser(Fido2Credential newFido2Credential)
        {
            // Track on the shared context, then flush in a single round-trip.
            var credentials = _db.Fido2Credentials;
            credentials.Add(newFido2Credential);
            await _db.SaveChangesAsync();

            return newFido2Credential;
        }
        /// <summary>
        /// One-off migration: turns every stored U2F device into a FIDO2 credential
        /// (blob <c>CredType</c> "u2f") and deletes the U2F row, committing the whole batch
        /// with one <c>SaveChangesAsync</c>.
        /// </summary>
        private async Task MigrateU2FToFIDO2()
        {
            await using var ctx = _DBContextFactory.CreateContext();

            // Materialize first so the set can be mutated while iterating.
            var legacyDevices = await ctx.U2FDevices.ToListAsync();

            foreach (U2FDevice device in legacyDevices)
            {
                await ctx.AddAsync(ConvertDevice(device));
                ctx.Remove(device);
            }

            // One flush for the whole batch.
            await ctx.SaveChangesAsync();

            // Builds the FIDO2 replacement for a single legacy device.
            // NOTE(review): the U2F key handle is reused both as the descriptor id and as
            // UserHandle — confirm that mapping against the login path before relying on it.
            Fido2Credential ConvertDevice(U2FDevice device)
            {
                var credential = new Fido2Credential()
                {
                    ApplicationUserId = device.ApplicationUserId,
                    Name = device.Name,
                    Type = Fido2Credential.CredentialType.FIDO2
                };

                var cosePublicKey = CreatePublicKeyFromU2fRegistrationData(device.PublicKey);
                credential.SetBlob(new Fido2CredentialBlob()
                {
                    SignatureCounter = (uint)device.Counter,
                    PublicKey        = cosePublicKey.EncodeToBytes(),
                    UserHandle       = device.KeyHandle,
                    Descriptor       = new PublicKeyCredentialDescriptor(device.KeyHandle),
                    CredType         = "u2f"
                });

                return credential;
            }
        }
        /// <summary>
        /// Decodes the credential's zipped JSON <c>Blob</c> into a <see cref="Fido2CredentialBlob"/>.
        /// A credential that has no blob yet yields an empty blob instead of <c>null</c>.
        /// </summary>
        /// <remarks>
        /// Intended for FIDO2-typed credentials. LNURLAuth credentials keep raw public-key bytes
        /// in <c>Blob</c> (see <c>CompleteCreation</c>), which is not the zipped JSON this method
        /// expects — check <c>Type</c> before calling.
        /// </remarks>
        public static Fido2CredentialBlob GetFido2Blob(this Fido2Credential credential)
        {
            if (credential.Blob is null)
            {
                return new Fido2CredentialBlob();
            }

            var json = ZipUtils.Unzip(credential.Blob);
            return JObject.Parse(json).ToObject <Fido2CredentialBlob>();
        }
        /// <summary>
        /// Serializes <paramref name="descriptor"/>, zips it into <c>Blob</c>, and marks the
        /// credential as FIDO2.
        /// </summary>
        /// <param name="credential">Credential to update in place.</param>
        /// <param name="descriptor">New blob contents.</param>
        /// <returns>
        /// <c>true</c> when <c>Blob</c> was rewritten; <c>false</c> when the serialized form equals
        /// what is already stored, in which case nothing is touched (not even <c>Type</c>).
        /// </returns>
        public static bool SetBlob(this Fido2Credential credential, Fido2CredentialBlob descriptor)
        {
            // Compare on the serialized text rather than on object identity.
            var current  = new Serializer(null).ToString(credential.GetFido2Blob());
            var incoming = new Serializer(null).ToString(descriptor);

            if (current != incoming)
            {
                credential.Type = Fido2Credential.CredentialType.FIDO2;
                credential.Blob = ZipUtils.Zip(incoming);
                return true;
            }

            return false;
        }
        /// <summary>
        /// Finishes a WebAuthn registration ceremony: verifies the authenticator's attestation
        /// response against the options issued when the ceremony started, then stores the
        /// resulting credential for <paramref name="userId"/>.
        /// </summary>
        /// <param name="userId">Id of the user that started the ceremony; also the key into <c>CreationStore</c>.</param>
        /// <param name="name">Display name for the new credential.</param>
        /// <param name="data">Raw JSON of the client's <c>AuthenticatorAttestationRawResponse</c> (untrusted input).</param>
        /// <returns>
        /// <c>true</c> on success; <c>false</c> when the user or the pending options are unknown,
        /// or when any step (parsing, verification, persistence) throws.
        /// </returns>
        public async Task <bool> CompleteCreation(string userId, string name, string data)
        {
            try
            {
                // Untrusted client payload: any parse or shape error ends in the catch below.
                var attestationResponse = JObject.Parse(data).ToObject <AuthenticatorAttestationRawResponse>();

                await using var dbContext = _contextFactory.CreateContext();
                var user = await dbContext.Users
                    .Include(applicationUser => applicationUser.Fido2Credentials)
                    .FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
                if (user is null)
                {
                    return false;
                }

                // No pending ceremony for this user: there is nothing to verify against.
                if (!CreationStore.TryGetValue(userId, out var options))
                {
                    return false;
                }

                // Verify the attestation. NOTE(review): the isCredentialIdUniqueToUser callback
                // answers true unconditionally, so this method performs no uniqueness check on
                // the credential id; any such check has to live elsewhere.
                var made = await _fido2.MakeNewCredentialAsync(
                    attestationResponse, options, args => Task.FromResult(true));
                var verified = made.Result;

                var credential = new Fido2Credential()
                {
                    Name = name,
                    ApplicationUserId = userId
                };
                credential.SetBlob(new Fido2CredentialBlob()
                {
                    Descriptor       = new PublicKeyCredentialDescriptor(verified.CredentialId),
                    PublicKey        = verified.PublicKey,
                    UserHandle       = verified.User.Id,
                    SignatureCounter = verified.Counter,
                    CredType         = verified.CredType,
                    AaGuid           = verified.Aaguid.ToString(),
                });

                await dbContext.Fido2Credentials.AddAsync(credential);
                await dbContext.SaveChangesAsync();

                // Options are single-use; they are dropped only once the credential is persisted.
                CreationStore.Remove(userId, out _);
                return true;
            }
            catch (Exception)
            {
                // Deliberate best-effort contract: every failure is reported as a plain false.
                return false;
            }
        }
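        /// <summary>
        /// Finishes an LNURL-auth registration: checks <paramref name="sig"/> over the pending
        /// k1 challenge for <paramref name="userId"/>, then stores <paramref name="pubKey"/> as a
        /// new LNURLAuth credential.
        /// </summary>
        /// <param name="name">Display name for the new credential.</param>
        /// <param name="userId">Id of the user that started the ceremony. <c>CreationStore</c> is looked up by its lower-invariant form.</param>
        /// <param name="sig">Signature over the pending challenge.</param>
        /// <param name="pubKey">Linking key that produced <paramref name="sig"/>; stored raw in <c>Blob</c>.</param>
        /// <returns>
        /// <c>true</c> on success; <c>false</c> when there is no pending challenge, the user is
        /// unknown, the key is already registered, the signature does not verify, or any step throws.
        /// </returns>
        public async Task <bool> CompleteCreation(string name, string userId, ECDSASignature sig, PubKey pubKey)
        {
            try
            {
                await using var dbContext = _contextFactory.CreateContext();
                var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
                           .FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);

                var pubkeyBytes = pubKey.ToBytes();

                // The lookup key is the lower-invariant user id. The same key is used for the
                // removal at the end, so a mixed-case id cannot leave a stale k1 in the store.
                var storeKey = userId.ToLowerInvariant();
                if (!CreationStore.TryGetValue(storeKey, out var k1) || user == null)
                {
                    return(false);
                }

                // Reject a linking key that is already registered to any user.
                // NOTE(review): relies on the provider translating byte[] equality to a value
                // comparison server-side; evaluated client-side it would compare references — confirm.
                var alreadyRegistered = await dbContext.Fido2Credentials.AnyAsync(credential =>
                    credential.Type == Fido2Credential.CredentialType.LNURLAuth && credential.Blob == pubkeyBytes);
                if (alreadyRegistered)
                {
                    return(false);
                }

                if (!global::LNURL.LNAuthRequest.VerifyChallenge(sig, pubKey, k1))
                {
                    return(false);
                }

                var newCredential = new Fido2Credential()
                {
                    Name = name,
                    ApplicationUserId = userId,
                    Type = Fido2Credential.CredentialType.LNURLAuth,
                    Blob = pubkeyBytes
                };

                await dbContext.Fido2Credentials.AddAsync(newCredential);
                await dbContext.SaveChangesAsync();

                // Challenges are single-use: remove under the key they were found with.
                CreationStore.Remove(storeKey, out _);
                return(true);
            }
            catch (Exception)
            {
                // Deliberate best-effort contract: any failure is reported as false.
                return(false);
            }
        }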
 /// <summary>
 /// Queues <paramref name="cred"/> for insertion on the shared context. No <c>SaveChanges</c>
 /// is issued here; the caller is responsible for flushing.
 /// </summary>
 public void AddCredential(Fido2Credential cred)
 {
     var context = _db;
     context.Add(cred);
 }