public ActionResult Login(string keyHandle) { var model = new LoginDeviceViewModel { KeyHandle = keyHandle }; try { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle); if (deviceRegistration == null) { ModelState.AddModelError("", "Unknown key handle: " + keyHandle); return(View(model)); } var startedRegistration = u2f.StartAuthentication(appId, deviceRegistration); model = new LoginDeviceViewModel { AppId = startedRegistration.AppId.ToString(), Challenge = startedRegistration.Challenge, KeyHandle = startedRegistration.KeyHandle.ToWebSafeBase64(), UserName = GetCurrentUser() }; } catch (Exception ex) { ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message); } return(View(model)); }
public ActionResult Login(string keyHandle) { var model = new LoginDeviceViewModel { KeyHandle = keyHandle }; try { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle); if (deviceRegistration == null) { ModelState.AddModelError("", "Unknown key handle: " + keyHandle); return View(model); } var startedRegistration = u2f.StartAuthentication(appId, deviceRegistration); model = new LoginDeviceViewModel { AppId = startedRegistration.AppId.ToString(), Challenge = startedRegistration.Challenge, KeyHandle = startedRegistration.KeyHandle.ToWebSafeBase64(), UserName = GetCurrentUser() }; } catch (Exception ex) { ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message); } return View(model); }
public void FinishAuthentication_InvalidSignatureData() { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64); var signatureBytes = signatureData.Signature.ToByteArray(); signatureBytes[0] ^= 0xFF; signatureData = new FidoSignatureData( signatureData.UserPresence, signatureData.Counter, new FidoSignature(signatureBytes)); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(TestVectors.ClientDataAuth), signatureData, FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void FinishRegistration_IncorrectType_Throws() { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); var registerResponse = GetValidRegisterResponse(); registerResponse.ClientData.Type = "incorrect type"; Assert.Throws <InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains)); }
public void FinishRegistration_UntrustedOrigin_Throws(string origin) { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); var registerResponse = GetValidRegisterResponse(); registerResponse.ClientData.Origin = origin; Assert.Throws <InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains)); }
public void FinishRegistration_IncorrectChallenge_Throws() { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); var registerResponse = GetValidRegisterResponse(); registerResponse.ClientData.Challenge = WebSafeBase64Converter.ToBase64String(Encoding.Default.GetBytes("incorrect challenge")); Assert.Throws <InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains)); }
public AuthenticateDeviceModel GetAuthenticationModel(Device device) { var u2F = new FidoUniversalTwoFactor(); var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data); var authentication = u2F.StartAuthentication(AppId, deviceRegistration); var model = new AuthenticateDeviceModel { AppId = authentication.AppId.ToString(), Challenge = authentication.Challenge, KeyHandle = device.Identifier }; return(model); }
public void FinishRegistration_RegisterResponse_Works() { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64; var registerResponse = GetValidRegisterResponse(); var registrationData = registerResponse.RegistrationData; var deviceRegistration = fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains); Assert.IsNotNull(deviceRegistration); Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData); Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle); }
public void StartRegistration() { var randomChallenge = Encoding.Default.GetBytes("random challenge"); var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(randomChallenge); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); mockGenerateChallenge.Verify(x => x.GenerateChallenge(), Times.Once); Assert.AreEqual(TestVectors.AppIdEnroll, startedRegistration.AppId.ToString()); Assert.AreEqual(randomChallenge, WebSafeBase64Converter.FromBase64String(startedRegistration.Challenge)); }
public ActionResult TESTREG() { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var startedRegistration = u2f.StartRegistration(appId); GetFidoRepository().StoreStartedRegistration(GetCurrentUser(), startedRegistration); var model = new RegisterNewDeviceViewModel { AppId = startedRegistration.AppId.ToString(), Challenge = startedRegistration.Challenge, UserName = GetCurrentUser() }; return(View(model)); }
public ActionResult TESTSUBMIT(RegisterNewDeviceViewModel model) { model = model ?? new RegisterNewDeviceViewModel(); if (!String.IsNullOrEmpty(model.RawRegisterResponse)) { var u2f = new FidoUniversalTwoFactor(); var challenge = model.Challenge; var startedRegistration = GetFidoRepository().GetStartedRegistration(GetCurrentUser(), challenge); var deviceRegistration = u2f.FinishRegistration(startedRegistration, model.RawRegisterResponse, GetTrustedDomains()); GetFidoRepository().StoreDeviceRegistration(GetCurrentUser(), deviceRegistration); GetFidoRepository().RemoveStartedRegistration(GetCurrentUser(), model.Challenge); } return(RedirectToAction("Registred")); }
public IActionResult RegisterDevice(RegisterDeviceModel model) { if (model == null || string.IsNullOrEmpty(model.AppId) || string.IsNullOrEmpty(model.Challenge) || string.IsNullOrEmpty(model.RawRegisterResponse)) { return(BadRequest(new { error = "Invalid Data", code = 400 })); } try { var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Name.Equals(model.DeviceName)); if (device != null) { return(BadRequest(new { error = "This name already used on another device.", code = 400 })); } var u2F = new FidoUniversalTwoFactor(); App.Registrations.TryGetValue(model.Challenge, out var startedRegistration); if (startedRegistration == null) { return(BadRequest(new { error = "Invalid Started Registration.", code = 400 })); } var facetIds = new List <FidoFacetId> { new FidoFacetId(startedRegistration.AppId.ToString()) }; var deviceRegistration = u2F.FinishRegistration(startedRegistration, model.RawRegisterResponse, facetIds); if (deviceRegistration == null) { return(BadRequest(new { error = "Invalid Device Registration.", code = 400 })); } App.AddDeviceRegistration(model.DeviceName, deviceRegistration); App.Registrations.Remove(model.Challenge); return(Ok(new { message = "Device has been registered.", code = 200, redirect = Url.Action("CurrentUser") })); } catch (Exception exception) { Console.WriteLine(exception); return(BadRequest(new { error = exception.Message, code = 500 })); } }
public void FinishAuthentication_Works() { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(TestVectors.ClientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains); }
public RegisterDeviceModel GetRegistrationModel() { var u2F = new FidoUniversalTwoFactor(); var startedRegistration = u2F.StartRegistration(AppId); var model = new RegisterDeviceModel { AppId = startedRegistration.AppId.ToString(), Challenge = startedRegistration.Challenge }; if (App.CurrentUser.Devices.Any()) { model.RegisteredKeys.AddRange(App.CurrentUser.Devices.Select(x => x.Identifier).ToList()); } App.AddRegistration(model.Challenge, startedRegistration); return(model); }
public ActionResult Register(NewUserViewModel newUserModel) { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var startedRegistration = u2f.StartRegistration(appId); GetFidoRepository().StoreStartedRegistration(newUserModel.UserName, startedRegistration); var model = new RegisterNewDeviceViewModel { AppId = startedRegistration.AppId.ToString(), Challenge = startedRegistration.Challenge, UserName = newUserModel.UserName, Email = newUserModel.Email }; return(View(model)); }
public IActionResult AuthenticateDevice(AuthenticateDeviceModel model) { if (App.CurrentUser == null) { return(BadRequest(new { error = "You must login.", code = 401 })); } if (model == null || string.IsNullOrEmpty(model.KeyHandle)) { return(BadRequest(new { error = "Invalid device id.", code = 400 })); } var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Identifier.Equals(model.KeyHandle)); if (device == null) { return(BadRequest(new { error = "Device not found.", code = 400 })); } var u2F = new FidoUniversalTwoFactor(); var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data); if (deviceRegistration == null) { return(BadRequest(new { error = "Unknown key handle.", code = 400 })); } var challenge = model.Challenge; var startedAuthentication = new FidoStartedAuthentication(AppId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? "")); var facetIds = new List <FidoFacetId> { new FidoFacetId(AppId.ToString()) }; var counter = u2F.FinishAuthentication(startedAuthentication, model.RawAuthenticateResponse, deviceRegistration, facetIds); deviceRegistration.Counter = counter; device.Usage++; return(Ok(new { message = "Device has been authenticated.", code = 200, redirect = Url.Action("CurrentUser") })); }
public void FinishAuthentication_DifferentChallenge() { var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var clientDataAuth = TestVectors.ClientDataAuth.Replace("challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o", "challenge\":\"different"); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(clientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void FinishAuthentication_UntrustedOrigin(string origin) { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var clientDataAuth = TestVectors.ClientDataAuth.Replace("origin\":\"http://example.com", "origin\":\"" + origin); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(clientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void FinishAuthentication_DifferentChallenge() { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var clientDataAuth = TestVectors.ClientDataAuth.Replace("challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o", "challenge\":\"different"); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(clientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public ActionResult Login(LoginDeviceViewModel model) { model = model ?? new LoginDeviceViewModel(); try { if (!String.IsNullOrEmpty(model.RawAuthenticationResponse)) { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle); if (deviceRegistration == null) { ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle); return(View(new LoginDeviceViewModel())); } var challenge = model.Challenge; var startedAuthentication = new FidoStartedAuthentication(appId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? "")); var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains()); // save the counter somewhere, the device registration of the next authentication should use this updated counter //deviceRegistration.Counter = counter; return(RedirectToAction("LoginSuccess")); } } catch (Exception ex) { ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message); } return(View(model)); }
public void FinishRegistration_JsonRegisterResponse_Works() { var challenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeRegisterBase64); var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(challenge); var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64; var registerResponse = GetValidRegisterResponse(); var registrationData = registerResponse.RegistrationData; var jsonValue = registerResponse.ToJson(); var deviceRegistration = fido.FinishRegistration(startedRegistration, jsonValue, TestVectors.TrustedDomains); Assert.IsNotNull(deviceRegistration); Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData); Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle); }
public void FinishAuthentication_CounterTooSmall() { var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64); signatureData = new FidoSignatureData( signatureData.UserPresence, 0, signatureData.Signature); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(TestVectors.ClientDataAuth), signatureData, FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void StartRegistration() { var randomChallenge = Encoding.Default.GetBytes("random challenge"); var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(randomChallenge); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); mockGenerateChallenge.Verify(x => x.GenerateChallenge(), Times.Once); Assert.AreEqual(TestVectors.AppIdEnroll, startedRegistration.AppId.ToString()); Assert.AreEqual(randomChallenge, WebSafeBase64Converter.FromBase64String(startedRegistration.Challenge)); }
public ActionResult Login(LoginDeviceViewModel model) { model = model ?? new LoginDeviceViewModel(); try { if (!String.IsNullOrEmpty(model.RawAuthenticationResponse)) { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle); if (deviceRegistration == null) { ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle); return View(new LoginDeviceViewModel()); } var challenge = model.Challenge; var startedAuthentication = new FidoStartedAuthentication(appId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? "")); var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains()); // save the counter somewhere, the device registration of the next authentication should use this updated counter deviceRegistration.Counter = counter; return RedirectToAction("LoginSuccess"); } } catch (Exception ex) { ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message); } return View(model); }
public void FinishRegistration_JsonRegisterResponse_Works() { var challenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeRegisterBase64); var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(challenge); var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); startedRegistration.Challenge = TestVectors.ServerChallengeRegisterBase64; var registerResponse = GetValidRegisterResponse(); var registrationData = registerResponse.RegistrationData; var jsonValue = registerResponse.ToJson(); var deviceRegistration = fido.FinishRegistration(startedRegistration, jsonValue, TestVectors.TrustedDomains); Assert.IsNotNull(deviceRegistration); Assert.AreEqual(deviceRegistration.Certificate.RawData, registrationData.AttestationCertificate.RawData); Assert.AreEqual(deviceRegistration.KeyHandle, registrationData.KeyHandle); }
public void FinishRegistration_IncorrectType_Throws() { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); var registerResponse = GetValidRegisterResponse(); registerResponse.ClientData.Type = "incorrect type"; Assert.Throws<InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains)); }
public void FinishRegistration_IncorrectChallenge_Throws() { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); var registerResponse = GetValidRegisterResponse(); registerResponse.ClientData.Challenge = WebSafeBase64Converter.ToBase64String(Encoding.Default.GetBytes("incorrect challenge")); Assert.Throws<InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains)); }
public void FinishAuthentication_Works() { var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(TestVectors.ClientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains); }
public void FinishAuthentication_UntrustedOrigin(string origin) { var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var clientDataAuth = TestVectors.ClientDataAuth.Replace("origin\":\"http://example.com", "origin\":\"" + origin); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(clientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void FinishRegistration_UntrustedOrigin_Throws(string origin) { var fido = new FidoUniversalTwoFactor(); var startedRegistration = fido.StartRegistration(TestVectors.AppIdEnroll); var registerResponse = GetValidRegisterResponse(); registerResponse.ClientData.Origin = origin; Assert.Throws<InvalidOperationException>(() => fido.FinishRegistration(startedRegistration, registerResponse, TestVectors.TrustedDomains)); }
public ActionResult Register(RegisterNewDeviceViewModel model) { model = model ?? new RegisterNewDeviceViewModel(); if (!String.IsNullOrEmpty(model.RawRegisterResponse)) { var u2f = new FidoUniversalTwoFactor(); var challenge = model.Challenge; var startedRegistration = GetFidoRepository().GetStartedRegistration(GetCurrentUser(), challenge); var deviceRegistration = u2f.FinishRegistration(startedRegistration, model.RawRegisterResponse, GetTrustedDomains()); GetFidoRepository().StoreDeviceRegistration(GetCurrentUser(), deviceRegistration); GetFidoRepository().RemoveStartedRegistration(GetCurrentUser(), model.Challenge); return RedirectToAction("Index"); } return View(model); }
public ActionResult Register() { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var startedRegistration = u2f.StartRegistration(appId); GetFidoRepository().StoreStartedRegistration(GetCurrentUser(), startedRegistration); var model = new RegisterNewDeviceViewModel { AppId = startedRegistration.AppId.ToString(), Challenge = startedRegistration.Challenge, UserName = GetCurrentUser() }; return View(model); }