public ActionResult Login(string keyHandle)
{
var model = new LoginDeviceViewModel {
KeyHandle = keyHandle
};
try
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + keyHandle);
return(View(model));
}
var startedRegistration = u2f.StartAuthentication(appId, deviceRegistration);
model = new LoginDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
KeyHandle = startedRegistration.KeyHandle.ToWebSafeBase64(),
UserName = GetCurrentUser()
};
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return(View(model));
}
public ActionResult Login(string keyHandle)
{
var model = new LoginDeviceViewModel { KeyHandle = keyHandle };
try
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + keyHandle);
return View(model);
}
var startedRegistration = u2f.StartAuthentication(appId, deviceRegistration);
model = new LoginDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
KeyHandle = startedRegistration.KeyHandle.ToWebSafeBase64(),
UserName = GetCurrentUser()
};
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return View(model);
}
public void FinishAuthentication_InvalidSignatureData()
{
var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
var signatureBytes = signatureData.Signature.ToByteArray();
signatureBytes[0] ^= 0xFF;
signatureData = new FidoSignatureData(
signatureData.UserPresence,
signatureData.Counter,
new FidoSignature(signatureBytes));
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(TestVectors.ClientDataAuth),
signatureData,
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
public void FinishRegistration_IncorrectType_Throws()
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
var registerResponse = GetValidRegisterResponse();
registerResponse.ClientData.Type = "incorrect type";
Assert.Throws <InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains));
}
public void FinishRegistration_UntrustedOrigin_Throws(string origin)
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
var registerResponse = GetValidRegisterResponse();
registerResponse.ClientData.Origin = origin;
Assert.Throws <InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains));
}
public void FinishRegistration_IncorrectChallenge_Throws()
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
var registerResponse = GetValidRegisterResponse();
registerResponse.ClientData.Challenge =
WebSafeBase64Converter.ToBase64String(Encoding.Default.GetBytes("incorrect challenge"));
Assert.Throws <InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains));
}
public AuthenticateDeviceModel GetAuthenticationModel(Device device)
{
var u2F = new FidoUniversalTwoFactor();
var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data);
var authentication = u2F.StartAuthentication(AppId, deviceRegistration);
var model = new AuthenticateDeviceModel
{
AppId = authentication.AppId.ToString(),
Challenge = authentication.Challenge,
KeyHandle = device.Identifier
};
return(model);
}
public void FinishRegistration_RegisterResponse_Works()
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64;
var registerResponse = GetValidRegisterResponse();
var registrationData = registerResponse.RegistrationData;
var deviceRegistration = fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains);
Assert.IsNotNull(deviceRegistration);
Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData);
Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle);
}
public void StartRegistration()
{
var randomChallenge = Encoding.Default.GetBytes("random challenge");
var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(randomChallenge);
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
mockGenerateChallenge.Verify(x => x.GenerateChallenge(), Times.Once);
Assert.AreEqual(TestVectors.AppIdEnroll, startedRegistration.AppId.ToString());
Assert.AreEqual(randomChallenge, WebSafeBase64Converter.FromBase64String(startedRegistration.Challenge));
}
public ActionResult TESTREG()
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var startedRegistration = u2f.StartRegistration(appId);
GetFidoRepository().StoreStartedRegistration(GetCurrentUser(), startedRegistration);
var model = new RegisterNewDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
UserName = GetCurrentUser()
};
return(View(model));
}
public ActionResult TESTSUBMIT(RegisterNewDeviceViewModel model)
{
model = model ?? new RegisterNewDeviceViewModel();
if (!String.IsNullOrEmpty(model.RawRegisterResponse))
{
var u2f = new FidoUniversalTwoFactor();
var challenge = model.Challenge;
var startedRegistration = GetFidoRepository().GetStartedRegistration(GetCurrentUser(), challenge);
var deviceRegistration = u2f.FinishRegistration(startedRegistration, model.RawRegisterResponse, GetTrustedDomains());
GetFidoRepository().StoreDeviceRegistration(GetCurrentUser(), deviceRegistration);
GetFidoRepository().RemoveStartedRegistration(GetCurrentUser(), model.Challenge);
}
return(RedirectToAction("Registred"));
}
public IActionResult RegisterDevice(RegisterDeviceModel model)
{
if (model == null || string.IsNullOrEmpty(model.AppId) || string.IsNullOrEmpty(model.Challenge) || string.IsNullOrEmpty(model.RawRegisterResponse))
{
return(BadRequest(new { error = "Invalid Data", code = 400 }));
}
try
{
var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Name.Equals(model.DeviceName));
if (device != null)
{
return(BadRequest(new { error = "This name already used on another device.", code = 400 }));
}
var u2F = new FidoUniversalTwoFactor();
App.Registrations.TryGetValue(model.Challenge, out var startedRegistration);
if (startedRegistration == null)
{
return(BadRequest(new { error = "Invalid Started Registration.", code = 400 }));
}
var facetIds = new List <FidoFacetId> {
new FidoFacetId(startedRegistration.AppId.ToString())
};
var deviceRegistration = u2F.FinishRegistration(startedRegistration, model.RawRegisterResponse, facetIds);
if (deviceRegistration == null)
{
return(BadRequest(new { error = "Invalid Device Registration.", code = 400 }));
}
App.AddDeviceRegistration(model.DeviceName, deviceRegistration);
App.Registrations.Remove(model.Challenge);
return(Ok(new { message = "Device has been registered.", code = 200, redirect = Url.Action("CurrentUser") }));
}
catch (Exception exception)
{
Console.WriteLine(exception);
return(BadRequest(new { error = exception.Message, code = 500 }));
}
}
public void FinishAuthentication_Works()
{
var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(TestVectors.ClientDataAuth),
FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains);
}
public RegisterDeviceModel GetRegistrationModel()
{
var u2F = new FidoUniversalTwoFactor();
var startedRegistration = u2F.StartRegistration(AppId);
var model = new RegisterDeviceModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge
};
if (App.CurrentUser.Devices.Any())
{
model.RegisteredKeys.AddRange(App.CurrentUser.Devices.Select(x => x.Identifier).ToList());
}
App.AddRegistration(model.Challenge, startedRegistration);
return(model);
}
public ActionResult Register(NewUserViewModel newUserModel)
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var startedRegistration = u2f.StartRegistration(appId);
GetFidoRepository().StoreStartedRegistration(newUserModel.UserName, startedRegistration);
var model = new RegisterNewDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
UserName = newUserModel.UserName,
Email = newUserModel.Email
};
return(View(model));
}
public IActionResult AuthenticateDevice(AuthenticateDeviceModel model)
{
if (App.CurrentUser == null)
{
return(BadRequest(new { error = "You must login.", code = 401 }));
}
if (model == null || string.IsNullOrEmpty(model.KeyHandle))
{
return(BadRequest(new { error = "Invalid device id.", code = 400 }));
}
var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Identifier.Equals(model.KeyHandle));
if (device == null)
{
return(BadRequest(new { error = "Device not found.", code = 400 }));
}
var u2F = new FidoUniversalTwoFactor();
var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data);
if (deviceRegistration == null)
{
return(BadRequest(new { error = "Unknown key handle.", code = 400 }));
}
var challenge = model.Challenge;
var startedAuthentication = new FidoStartedAuthentication(AppId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));
var facetIds = new List <FidoFacetId> {
new FidoFacetId(AppId.ToString())
};
var counter = u2F.FinishAuthentication(startedAuthentication, model.RawAuthenticateResponse, deviceRegistration, facetIds);
deviceRegistration.Counter = counter;
device.Usage++;
return(Ok(new { message = "Device has been authenticated.", code = 200, redirect = Url.Action("CurrentUser") }));
}
public void FinishAuthentication_DifferentChallenge()
{
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var clientDataAuth = TestVectors.ClientDataAuth.Replace("challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o", "challenge\":\"different");
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(clientDataAuth),
FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
public void FinishAuthentication_UntrustedOrigin(string origin)
{
var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var clientDataAuth = TestVectors.ClientDataAuth.Replace("origin\":\"http://example.com", "origin\":\"" + origin);
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(clientDataAuth),
FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
public void FinishAuthentication_DifferentChallenge()
{
var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var clientDataAuth = TestVectors.ClientDataAuth.Replace("challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o", "challenge\":\"different");
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(clientDataAuth),
FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
public ActionResult Login(LoginDeviceViewModel model)
{
model = model ?? new LoginDeviceViewModel();
try
{
if (!String.IsNullOrEmpty(model.RawAuthenticationResponse))
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
return(View(new LoginDeviceViewModel()));
}
var challenge = model.Challenge;
var startedAuthentication = new FidoStartedAuthentication(appId, challenge,
FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));
var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains());
// save the counter somewhere, the device registration of the next authentication should use this updated counter
//deviceRegistration.Counter = counter;
return(RedirectToAction("LoginSuccess"));
}
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return(View(model));
}
public void FinishRegistration_JsonRegisterResponse_Works()
{
var challenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeRegisterBase64);
var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(challenge);
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64;
var registerResponse = GetValidRegisterResponse();
var registrationData = registerResponse.RegistrationData;
var jsonValue = registerResponse.ToJson();
var deviceRegistration = fido.FinishRegistration(startedRegistration, jsonValue, TestVectors.TrustedDomains);
Assert.IsNotNull(deviceRegistration);
Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData);
Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle);
}
public void FinishAuthentication_CounterTooSmall()
{
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
signatureData = new FidoSignatureData(
signatureData.UserPresence,
0,
signatureData.Signature);
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(TestVectors.ClientDataAuth),
signatureData,
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
public void StartRegistration()
{
var randomChallenge = Encoding.Default.GetBytes("random challenge");
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(randomChallenge);
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
mockGenerateChallenge.Verify(x => x.GenerateChallenge(), Times.Once);
Assert.AreEqual(TestVectors.AppIdEnroll, startedRegistration.AppId.ToString());
Assert.AreEqual(randomChallenge, WebSafeBase64Converter.FromBase64String(startedRegistration.Challenge));
}
public ActionResult Login(LoginDeviceViewModel model)
{
model = model ?? new LoginDeviceViewModel();
try
{
if (!String.IsNullOrEmpty(model.RawAuthenticationResponse))
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
return View(new LoginDeviceViewModel());
}
var challenge = model.Challenge;
var startedAuthentication = new FidoStartedAuthentication(appId, challenge,
FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));
var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains());
// save the counter somewhere, the device registration of the next authentication should use this updated counter
deviceRegistration.Counter = counter;
return RedirectToAction("LoginSuccess");
}
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return View(model);
}
public void FinishRegistration_RegisterResponse_Works()
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64;
var registerResponse = GetValidRegisterResponse();
var registrationData = registerResponse.RegistrationData;
var deviceRegistration = fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains);
Assert.IsNotNull(deviceRegistration);
Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData);
Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle);
}
public void FinishRegistration_JsonRegisterResponse_Works()
{
var challenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeRegisterBase64);
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(challenge);
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64;
var registerResponse = GetValidRegisterResponse();
var registrationData = registerResponse.RegistrationData;
var jsonValue = registerResponse.ToJson();
var deviceRegistration = fido.FinishRegistration(startedRegistration, jsonValue, TestVectors.TrustedDomains);
Assert.IsNotNull(deviceRegistration);
Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData);
Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle);
}
public void FinishRegistration_IncorrectType_Throws()
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
var registerResponse = GetValidRegisterResponse();
registerResponse.ClientData.Type = "incorrect type";
Assert.Throws<InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains));
}
public void FinishRegistration_IncorrectChallenge_Throws()
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
var registerResponse = GetValidRegisterResponse();
registerResponse.ClientData.Challenge =
WebSafeBase64Converter.ToBase64String(Encoding.Default.GetBytes("incorrect challenge"));
Assert.Throws<InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains));
}
public void FinishAuthentication_Works()
{
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(TestVectors.ClientDataAuth),
FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains);
}
public void FinishAuthentication_UntrustedOrigin(string origin)
{
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var clientDataAuth = TestVectors.ClientDataAuth.Replace("origin\":\"http://example.com", "origin\":\"" + origin);
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(clientDataAuth),
FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
public void FinishRegistration_UntrustedOrigin_Throws(string origin)
{
var fido = new FidoUniversalTwoFactor();
var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll);
var registerResponse = GetValidRegisterResponse();
registerResponse.ClientData.Origin = origin;
Assert.Throws<InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains));
}
public ActionResult Register(RegisterNewDeviceViewModel model)
{
model = model ?? new RegisterNewDeviceViewModel();
if (!String.IsNullOrEmpty(model.RawRegisterResponse))
{
var u2f = new FidoUniversalTwoFactor();
var challenge = model.Challenge;
var startedRegistration = GetFidoRepository().GetStartedRegistration(GetCurrentUser(), challenge);
var deviceRegistration = u2f.FinishRegistration(startedRegistration, model.RawRegisterResponse, GetTrustedDomains());
GetFidoRepository().StoreDeviceRegistration(GetCurrentUser(), deviceRegistration);
GetFidoRepository().RemoveStartedRegistration(GetCurrentUser(), model.Challenge);
return RedirectToAction("Index");
}
return View(model);
}
public ActionResult Register()
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var startedRegistration = u2f.StartRegistration(appId);
GetFidoRepository().StoreStartedRegistration(GetCurrentUser(), startedRegistration);
var model = new RegisterNewDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
UserName = GetCurrentUser()
};
return View(model);
}
