/// <summary> /// Creates a Passport key on the machine using the account id passed. /// Then returns a boolean based on whether we were able to create a Passport key or not. /// /// Will also attempt to create an attestation that this key is backed by hardware on the device, but is not a requirement /// for a working key in this scenario. It is possible to not accept a key that is software-based only. /// </summary> /// <param name="accountId">The account id associated with the account that we are enrolling into Passport</param> /// <returns>Boolean representing if creating the Passport key succeeded</returns> public async Task <bool> CreatePassportKey(string accountId) { KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync(accountId, KeyCredentialCreationOption.ReplaceExisting); if (keyCreationResult.Status == KeyCredentialStatus.Success) { KeyCredential userKey = keyCreationResult.Credential; IBuffer publicKey = userKey.RetrievePublicKey(); KeyCredentialAttestationResult keyAttestationResult = await userKey.GetAttestationAsync(); if (keyAttestationResult.Status == KeyCredentialAttestationStatus.Success) { //keyAttestation Included. //TODO:read keyAttestationResult.AttestationBuffer and keyAttestationResult.CertificateChainBuffer } else if (keyAttestationResult.Status == KeyCredentialAttestationStatus.TemporaryFailure) { //keyAttestation CanBeRetrievedLater } else if (keyAttestationResult.Status == KeyCredentialAttestationStatus.NotSupported) { //keyAttestation is not supported } // Package public key, keyAttesation if available, // certificate chain for attestation endorsement key if available, // status code of key attestation result: keyAttestationIncluded or // keyAttestationCanBeRetrievedLater and keyAttestationRetryType // and send it to application server to register the user. bool serverAddedPassportToAccount = await AddPassportToAccountOnServer(); if (serverAddedPassportToAccount == true) { return(true); } } else if (keyCreationResult.Status == KeyCredentialStatus.UserCanceled) { // User cancelled the Passport enrollment process } else if (keyCreationResult.Status == KeyCredentialStatus.NotFound) { // User needs to create PIN return(false); } return(false); }
public void PassportUpdateDetails(Guid userId, Guid deviceId, byte[] publicKey, KeyCredentialAttestationResult keyAttestationResult) { UserAccount existingUserAccount = GetUserAccount(userId); if (existingUserAccount != null) { if (!existingUserAccount.PassportDevices.Any(f => f.DeviceId.Equals(deviceId))) { existingUserAccount.PassportDevices.Add(new PassportDevice() { DeviceId = deviceId, PublicKey = publicKey, // KeyAttestationResult = keyAttestationResult, }); } } SaveAccountListAsync(); }
private static async Task GetKeyAttestationAsync(Guid userId, KeyCredentialRetrievalResult keyCreationResult) { KeyCredential userKey = keyCreationResult.Credential; IBuffer publicKey = userKey.RetrievePublicKey(); KeyCredentialAttestationResult keyAttestationResult = await userKey.GetAttestationAsync(); IBuffer keyAttestation = null; IBuffer certificateChain = null; bool keyAttestationIncluded = false; bool keyAttestationCanBeRetrievedLater = false; KeyCredentialAttestationStatus keyAttestationRetryType = 0; if (keyAttestationResult.Status == KeyCredentialAttestationStatus.Success) { keyAttestationIncluded = true; keyAttestation = keyAttestationResult.AttestationBuffer; certificateChain = keyAttestationResult.CertificateChainBuffer; Debug.WriteLine("Successfully made key and attestation"); } else if (keyAttestationResult.Status == KeyCredentialAttestationStatus.TemporaryFailure) { keyAttestationRetryType = KeyCredentialAttestationStatus.TemporaryFailure; keyAttestationCanBeRetrievedLater = true; Debug.WriteLine("Successfully made key but not attestation"); } else if (keyAttestationResult.Status == KeyCredentialAttestationStatus.NotSupported) { keyAttestationRetryType = KeyCredentialAttestationStatus.NotSupported; keyAttestationCanBeRetrievedLater = false; Debug.WriteLine("Key created, but key attestation not supported"); } Guid deviceId = Helpers.GetDeviceId(); //Update the Pasport details with the information we have just gotten above. UpdatePassportDetails(userId, deviceId, publicKey.ToArray(), keyAttestationResult); }
public void PassportUpdateDetails(Guid userId, Guid deviceId, byte[] publicKey, KeyCredentialAttestationResult keyAttestationResult) { _mockStore.PassportUpdateDetails(userId, deviceId, publicKey, keyAttestationResult); }
private async Task <bool> CreatePassportKey(string accountId) { KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync(accountId, KeyCredentialCreationOption.ReplaceExisting); if (keyCreationResult.Status == KeyCredentialStatus.Success) { KeyCredential userKey = keyCreationResult.Credential; IBuffer publicKey = userKey.RetrievePublicKey(); KeyCredentialAttestationResult keyAttestationResult = await userKey.GetAttestationAsync(); IBuffer keyAttestation = null; IBuffer certificateChain = null; bool keyAttestationIncluded = false; bool keyAttestationCanBeRetrievedLater = false; KeyCredentialAttestationStatus keyAttestationRetryType = 0; if (keyAttestationResult.Status == KeyCredentialAttestationStatus.Success) { keyAttestationIncluded = true; keyAttestation = keyAttestationResult.AttestationBuffer; certificateChain = keyAttestationResult.CertificateChainBuffer; } else if (keyAttestationResult.Status == KeyCredentialAttestationStatus.TemporaryFailure) { keyAttestationRetryType = KeyCredentialAttestationStatus.TemporaryFailure; keyAttestationCanBeRetrievedLater = true; } else if (keyAttestationResult.Status == KeyCredentialAttestationStatus.NotSupported) { keyAttestationRetryType = KeyCredentialAttestationStatus.NotSupported; keyAttestationCanBeRetrievedLater = false; } // Package public key, keyAttesation if available, // certificate chain for attestation endorsement key if available, // status code of key attestation result: keyAttestationIncluded or // keyAttestationCanBeRetrievedLater and keyAttestationRetryType // and send it to application server to register the user. bool serverAddedPassportToAccount = await AddPassportToAccountOnServer(); if (serverAddedPassportToAccount == true) { return(true); } } else if (keyCreationResult.Status == KeyCredentialStatus.UserCanceled) { // User cancelled the Passport enrollment process } else if (keyCreationResult.Status == KeyCredentialStatus.NotFound) { // User needs to create PIN //textblock_PassportStatusText.Text = "Microsoft Passport is almost ready!\nPlease go to Windows Settings and set up a PIN to use it."; //grid_PassportStatus.Background = new SolidColorBrush(Color.FromArgb(255, 50, 170, 207)); //button_PassportSignIn.IsEnabled = false; m_passportAvailable = false; } else { } return(false); }
public static bool UpdatePassportDetails(Guid userId, Guid deviceId, byte[] publicKey, KeyCredentialAttestationResult keyAttestationResult) { //In the real world you would use an API to add Passport signing info to server for the signed in _account. //For this tutorial we do not implement a WebAPI for our server and simply mock the server locally //The CreatePassportKey method handles adding the Windows Hello account locally to the device using the KeyCredential Manager //Using the userId the existing account should be found and updated. AuthService.AuthService.Instance.PassportUpdateDetails(userId, deviceId, publicKey, keyAttestationResult); return(true); }
public void UpdateDetails(Guid userId, Guid DeviceId, byte[] publicKey, KeyCredentialAttestationResult keyAttestationResult) { _mockstore.deviceupdateDetails(userId, DeviceId, publicKey, keyAttestationResult); }