private async Task LockDevice()
{
// Query the devices which can do presence check for the console user
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceInfoList =
await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceInfoList.Count == 0)
{
return;
}
foreach (SecondaryAuthenticationFactorInfo deviceInfo in deviceInfoList)
{
if (deviceInfo.PresenceMonitoringMode !=
SecondaryAuthenticationFactorDevicePresenceMonitoringMode.AppManaged)
{
// Skip the device which doesn't need to be monitored in the background task
continue;
}
SecondaryAuthenticationFactorDevicePresence state =
SecondaryAuthenticationFactorDevicePresence.Absent;
await deviceInfo.UpdateDevicePresenceAsync(state);
}
}
private async Task LockDevice(string deviceGUIDtoLock)
{
Debug.WriteLine("[LockDevice]");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceInfoList =
await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceInfoList.Count == 0)
{
return;
}
foreach (SecondaryAuthenticationFactorInfo deviceInfo in deviceInfoList)
{
if (deviceInfo.PresenceMonitoringMode !=
SecondaryAuthenticationFactorDevicePresenceMonitoringMode.AppManaged)
{
// Skip the device which doesn't need to be monitored in the background task
continue;
}
SecondaryAuthenticationFactorDevicePresence state =
SecondaryAuthenticationFactorDevicePresence.Absent;
await deviceInfo.UpdateDevicePresenceAsync(state);
SecondaryAuthenticationFactorDevicePresenceMonitoringMode mode = deviceInfo.PresenceMonitoringMode;
}
}
private async void UnregisterDevice_Click(object sender, RoutedEventArgs e)
{
if (m_selectedDeviceId == String.Empty)
{
return;
}
await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(m_selectedDeviceId);
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
listContent listItem = new listContent();
listItem.deviceFriendlyName = m_selectedDeviceFriendlyName;
listItem.deviceGUID = m_selectedDeviceId;
DeviceListBox.Items.Remove(listItem);
if (deviceList.Count == 0)
{
this.Frame.Navigate(typeof(waitingForDevice));
}
else
{
this.Frame.Navigate(typeof(MainPage), "false");
}
}
private async Task PresenceMonitor()
{
//ShowToastNotification("Presence monitor triggered!");
System.Diagnostics.Debug.WriteLine("[PresenceMonitor] triggered");
// Query the devices which can do presence check for the console user
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceInfoList =
await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceInfoList.Count == 0)
{
return;
}
foreach (SecondaryAuthenticationFactorInfo deviceInfo in deviceInfoList)
{
if (deviceInfo.PresenceMonitoringMode !=
SecondaryAuthenticationFactorDevicePresenceMonitoringMode.AppManaged)
{
// Skip the device which doesn't need to be monitored in the background task
continue;
}
await deviceInfo.UpdateDevicePresenceAsync(SecondaryAuthenticationFactorDevicePresence.Present);
}
}
private async Task Removed()
{
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceList.Count > 0)
{
await this.Dispatcher.RunAsync(CoreDispatcherPriority.Normal, () =>
{
this.Frame.Navigate(typeof(MainPage), "false");
});
//this.Frame.Navigate(typeof(MainPage), "false");
}
else
{
//waitingForDevice.FrameProperty.
//((Page)waitingForDevice).Frame.Navigate(typeof(waitingForDevice));
//((Page)RegisterDevice).Frame.Navigate(typeof(waitingForDevice));
await this.Dispatcher.RunAsync(CoreDispatcherPriority.Normal, () =>
{
this.Frame.Navigate(typeof(waitingForDevice));
});
//this.Frame.Navigate(typeof(waitingForDevice));
}
}
private async void UnregisterDevices()
{
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
//DeviceListBox.Items.Clear();
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
System.Diagnostics.Debug.WriteLine(deviceInfo.DeviceFriendlyName);
//DeviceListBox.Items.Add(deviceInfo.DeviceId);
await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(deviceInfo.DeviceId);
}
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
System.Diagnostics.Debug.WriteLine(deviceInfo.DeviceFriendlyName);
//DeviceListBox.Items.Add(deviceInfo.DeviceId);
//await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(deviceInfo.DeviceId);
}
//RefreshDeviceList(deviceList);
}
protected override async void OnNavigatedTo(NavigationEventArgs e)
{
base.OnNavigatedTo(e);
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
RefreshDeviceList(deviceList);
}
async void OnStageChanged(Object sender, SecondaryAuthenticationFactorAuthenticationStageChangedEventArgs args)
{
//ShowToastNotification("In StageChanged!" + args.StageInfo.Stage.ToString());
if (args.StageInfo.Stage == SecondaryAuthenticationFactorAuthenticationStage.CheckingDevicePresence)
{
Task t = PresenceMonitor();
t.Wait();
opCompletedEvent.Set();
deferral.Complete();
return;
}
if (args.StageInfo.Stage == SecondaryAuthenticationFactorAuthenticationStage.WaitingForUserConfirmation)
{
//ShowToastNotification("Stage = WaitingForUserConfirmation");
// This event is happening on a ThreadPool thread, so we need to dispatch to the UI thread.
// Getting the dispatcher from the MainView works as long as we only have one view.
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
String deviceName = deviceList.ElementAt(deviceList.Count() - 1).DeviceFriendlyName;
string str = "\"" + deviceName + "\"";
await SecondaryAuthenticationFactorAuthentication.ShowNotificationMessageAsync(
str,
SecondaryAuthenticationFactorAuthenticationMessage.SwipeUpWelcome);
}
else if (args.StageInfo.Stage == SecondaryAuthenticationFactorAuthenticationStage.CollectingCredential)
{
//ShowToastNotification("Stage = CollectingCredential");
System.Diagnostics.Debug.WriteLine("[OnStageChanged] Perform Auth / auth trigger");
try
{
Task t = PerformAuthentication();;
await t;
t = writeConnectedRegisteredDevices();
await t;
}
catch (Exception ex)
{
}
finally
{
deferral.Complete();
}
}
else
{
if (args.StageInfo.Stage == SecondaryAuthenticationFactorAuthenticationStage.StoppingAuthentication)
{
SecondaryAuthenticationFactorAuthentication.AuthenticationStageChanged -= OnStageChanged;
opCompletedEvent.Set();
}
SecondaryAuthenticationFactorAuthenticationStage stage = args.StageInfo.Stage;
}
}
public static async void UnregisterAll()
{
var infos = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
foreach (var info in infos)
{
await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(info.DeviceId);
}
}
private async void CancelButtonVisibilityUpdate()
{
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceList.Count != 0)
{
((Grid)((Grid)this.Content).Children.ElementAt(3)).Children.ElementAt(5).Visibility = Visibility.Visible;
}
else
{
((Grid)((Grid)this.Content).Children.ElementAt(3)).Children.ElementAt(5).Visibility = Visibility.Collapsed;
}
}
protected override async void OnNavigatedTo(NavigationEventArgs e)
{
base.OnNavigatedTo(e);
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceList.Count == 0)
{
this.Frame.Navigate(typeof(waitingForDevice));
}
RefreshDeviceList(deviceList, 1000); //1000 ie: no item selected, max nb of items is 5
//await CommomMethods.SetWindowSize();
//this.Frame.Navigate(typeof(TestRelativePanel));
return;
}
public static async Task UnregisterDevice(DeviceInfo info)
{
try
{
await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(info.DeviceId.ToString());
if ((await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.AllUsers)).Count <= 0)
{
BackgroundHelper.Unregister();
}
}
catch (Exception e)
{
Debug.Write(e);
}
}
private async void UnregisterDevice_Click(object sender, RoutedEventArgs e)
{
if (m_selectedDeviceId == String.Empty)
{
return;
}
//InfoList.Items.Add("Unregister a device:");
await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(m_selectedDeviceId);
//InfoList.Items.Add("Device unregistration is completed.");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
RefreshDeviceList(deviceList);
}
private async void GoodByeBtn_Click(object sender, RoutedEventArgs e)
{
if (m_selectedDeviceId == string.Empty)
{
if (DeviceListBox.Items.Count > 0)
{
if (DeviceListBox.SelectedItem == null)
{
await new MessageDialog("Please select device first").ShowAsync();
return;
}
else
{
m_selectedDeviceId = DeviceListBox.SelectedItem.ToString();
}
}
else
{
await new MessageDialog("Please register device first").ShowAsync();
return;
}
}
string deviceId = m_selectedDeviceId;
string deviceInstancePath = m_selectedDeviceId;
SecondaryAuthenticationFactorDevicePresenceMonitoringRegistrationStatus status =
await SecondaryAuthenticationFactorRegistration.RegisterDevicePresenceMonitoringAsync(
deviceId,
deviceInstancePath,
SecondaryAuthenticationFactorDevicePresenceMonitoringMode.AppManaged);
switch (status)
{
case SecondaryAuthenticationFactorDevicePresenceMonitoringRegistrationStatus.Succeeded:
await new MessageDialog("Registered for presence monitoring!").ShowAsync();
break;
case SecondaryAuthenticationFactorDevicePresenceMonitoringRegistrationStatus.DisabledByPolicy:
await new MessageDialog("Registered for presence disabled by policy!").ShowAsync();
break;
}
}
public static async Task RegisterDevice(DeviceInfo info, IBuffer deviceKey, IBuffer authKey)
{
var registrationResult =
await SecondaryAuthenticationFactorRegistration.RequestStartRegisteringDeviceAsync(
info.DeviceId.ToString(), // deviceId: max 40 wide characters. For example, serial number of the device
SecondaryAuthenticationFactorDeviceCapabilities.SecureStorage |
SecondaryAuthenticationFactorDeviceCapabilities.HMacSha256 |
SecondaryAuthenticationFactorDeviceCapabilities.StoreKeys,
info.DeviceFriendlyName, // deviceFriendlyName: max 64 wide characters. For example: John's card
info.DeviceModelName, // deviceModelNumber: max 32 wide characters. The app should read the model number from device.
deviceKey,
authKey);
if (registrationResult.Status != SecondaryAuthenticationFactorRegistrationStatus.Started)
{
throw new OperationCanceledException(registrationResult.Status.ToString());
}
await registrationResult.Registration.FinishRegisteringDeviceAsync(null); //config data limited to 4096 bytes
BackgroundHelper.RegisterIfNeeded();
}
private async Task writeConnectedRegisteredDevices()
{
string NanosATR = "3b00";
string selector = SmartCardReader.GetDeviceSelector();
selector += " AND System.Devices.DeviceInstanceId:~~\"Ledger\"";
byte[] response = { 0 };
string sw1sw2 = null;
byte[] deviceDlockState = new byte[1];
byte[] deviceIdArray = new byte[16];
string txt = "";
DeviceInformationCollection readers = await DeviceInformation.FindAllAsync(selector);
IReadOnlyList <SecondaryAuthenticationFactorInfo> RegisteredDeviceList_addEvent = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
List <SecondaryAuthenticationFactorInfo> ConnectedRegisteredDeviceList = await getConnectedRegisteredDeviceList(RegisteredDeviceList_addEvent);
foreach (SecondaryAuthenticationFactorInfo device in ConnectedRegisteredDeviceList)
{
foreach (DeviceInformation smartcardreader in readers)
{
SmartCardReader reader = await SmartCardReader.FromIdAsync(smartcardreader.Id);
SmartCardReaderStatus readerstatus = await reader.GetStatusAsync();
IReadOnlyList <SmartCard> cards = await reader.FindAllCardsAsync();
foreach (SmartCard card in cards)
{
try
{
IBuffer ATR = await card.GetAnswerToResetAsync();
string ATR_str = CryptographicBuffer.EncodeToHexString(ATR);
if (ATR_str.Equals(NanosATR))
{
SmartCardConnection connection = await card.ConnectAsync();
response = await Apdu.TransmitApduAsync(connection, Apdu.getDeviceGuidCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
deviceIdArray = response;
string deviceId = BitConverter.ToString(response).Replace("-", "");
if (deviceId == device.DeviceId) //update config data with dLockState
{
if (device.PresenceMonitoringMode != SecondaryAuthenticationFactorDevicePresenceMonitoringMode.AppManaged)
{
// Skip the device which doesn't need to be monitored in the background task
continue;
}
await device.UpdateDevicePresenceAsync(SecondaryAuthenticationFactorDevicePresence.Present);
response = await Apdu.TransmitApduAsync(connection, Apdu.getDlockStateCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
deviceDlockState = response;
string deviceConfigString = CryptographicBuffer.ConvertBinaryToString(0, device.DeviceConfigurationData);
char[] deviceConfigCharArray = new char[deviceConfigString.Count()];
deviceConfigCharArray = deviceConfigString.ToCharArray();
string deviceConfigStringNew = "";
int count = device.DeviceFriendlyName.Count();
if (deviceDlockState[0] == 0)
{
if (deviceConfigCharArray[35] == '0') // Indicates if device was used for last login
{
deviceConfigStringNew = device.DeviceId + "-0-0-" + device.DeviceFriendlyName + "-" + deviceConfigString.Substring(35 + 1 + count + 1 + 1);
}
else
{
deviceConfigStringNew = device.DeviceId + "-0-1-" + device.DeviceFriendlyName + "-" + deviceConfigString.Substring(35 + 1 + count + 1 + 1);
}
}
else
{
if (deviceConfigCharArray[35] == '0')
{
deviceConfigStringNew = device.DeviceId + "-1-0-" + device.DeviceFriendlyName + "-" + deviceConfigString.Substring(35 + 1 + count + 1 + 1);
}
else
{
deviceConfigStringNew = device.DeviceId + "-1-1-" + device.DeviceFriendlyName + "-" + deviceConfigString.Substring(35 + 1 + count + 1 + 1);
}
}
// Get a Ibuffer from combinedDataArray
IBuffer deviceConfigData = CryptographicBuffer.ConvertStringToBinary(deviceConfigString, 0);
await SecondaryAuthenticationFactorRegistration.UpdateDeviceConfigurationDataAsync(device.DeviceId, deviceConfigData);
}
connection.Dispose();
}
}
catch (Exception e)
{
}
}
}
txt += CryptographicBuffer.ConvertBinaryToString(0, device.DeviceConfigurationData) + Environment.NewLine;
}
StorageFolder folder = ApplicationData.Current.LocalFolder;
StorageFile ConnectedRegisteredDeviceListFile = await folder.CreateFileAsync("connectedRegisteredDeviceList.txt", CreationCollisionOption.ReplaceExisting);
await FileIO.WriteTextAsync(ConnectedRegisteredDeviceListFile, txt);
}
private async Task DiscoverDevice()
{
var authStageInfo = await SecondaryAuthenticationFactorAuthentication.GetAuthenticationStageInfoAsync();
if (authStageInfo.Stage != SecondaryAuthenticationFactorAuthenticationStage.CollectingCredential)
{
return; // Bad status!
}
findAuth = true;
var deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
var db = new DatabaseContext();
var devicesInDb = db.Devices.ToList();
db.Dispose();
IPDiscover.DiscoverIP();
foreach (var device in deviceList)
{
var deviceInDb = devicesInDb.Find(d => d.DeviceId.ToString() == device.DeviceId);
if (deviceInDb == null)
{
continue;
}
var session = new DeviceAuthSession
{
LastIP = deviceInDb.LastConnectedHost,
MACAddress = deviceInDb.DeviceMacAddress,
DeviceID = device.DeviceId,
DeviceInDb = deviceInDb
};
deviceSessions.Add(session);
}
while (findAuth)
{
foreach (var session in deviceSessions)
{
switch (session.Status)
{
case DeviceStatus.NotConnected:
var payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(session.DeviceID));
var data = Encoding.UTF8.GetBytes(DeviceDiscoverPrefix + payload);
if (!string.IsNullOrWhiteSpace(session.LastIP))
{
try
{
UDPListener.Send(session.LastIP, data);
}
catch (Exception)
{
// ignored
}
}
var ips = session.FindIPs()?.ToList();
if ((ips == null || !ips.Any()) && string.IsNullOrWhiteSpace(session.MACAddress) && IPDiscover.IsDiscoveryCompleted)
{
session.Status = DeviceStatus.Unreachable;
continue;
}
if (ips != null)
{
foreach (var ip in ips)
{
try
{
UDPListener.Send(ip, data);
}
catch (Exception)
{
// ignored
}
}
}
await UDPListener.Send(UDPListener.DeviceMulticastGroupAddress, data);
break;
case DeviceStatus.Unreachable:
deviceSessions.Remove(session);
break;
case DeviceStatus.Established:
findAuth = false;
break;
}
}
Thread.Sleep(1000);
}
Auth(deviceSessions.FirstOrDefault(s => s.Status == DeviceStatus.Established));
CurrentSession = null;
}
private async void StackRegsiter_tapped(object sender, TappedRoutedEventArgs e)
{
Window.Current.CoreWindow.PointerCursor = new Windows.UI.Core.CoreCursor(Windows.UI.Core.CoreCursorType.Arrow, 0);
MessageDialog myDlg;
bool executeFinally = true;
if ((sender is StackPanel) && (e.OriginalSource is TextBlock))
{
((Grid)((StackPanel)sender).Parent).Children.ElementAt(3).Visibility = Visibility.Visible;
((StackPanel)sender).Children.ElementAt(1).Visibility = Visibility.Collapsed;
}
string deviceFriendlyName = NameYourDevice.Text.Trim();
var loader = new Windows.ApplicationModel.Resources.ResourceLoader();
string deviceNameAlreadyUsedContent = loader.GetString("DeviceNameAlreadyUsed_content_error");
string deviceNameAlreadyUsedTitle = loader.GetString("DeviceNameAlreadyUsed_title_error");
string deviceAlreadyRegisteredContent = loader.GetString("DeviceAlreadyRegistered_content_error");
string deviceAlreadyRegisteredTitle = loader.GetString("DeviceAlreadyRegistered_title_error");
try
{
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
foreach (SecondaryAuthenticationFactorInfo device in deviceList)
{
if (device.DeviceFriendlyName == deviceFriendlyName)
{
throw new Exception(deviceNameAlreadyUsedContent);
}
}
await CommomMethods.RegisterDevice_Click(deviceFriendlyName);
}
catch (Exception ex)
{
if (ex.Message == deviceNameAlreadyUsedContent)
{
myDlg = new MessageDialog(ex.Message, deviceNameAlreadyUsedTitle);
await myDlg.ShowAsync();
this.Frame.Navigate(typeof(RegisterDevice));
executeFinally = false;
}
else if (ex.Message == deviceAlreadyRegisteredContent)
{
myDlg = new MessageDialog(deviceAlreadyRegisteredContent, deviceAlreadyRegisteredTitle);
await myDlg.ShowAsync();
this.Frame.Navigate(typeof(waitingForDevice));
executeFinally = false;
}
else
{
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.User);
if (deviceList.Count > 0)
{
this.Frame.Navigate(typeof(MainPage), "false");
}
else
{
this.Frame.Navigate(typeof(waitingForDevice));
}
}
}
finally
{
if (executeFinally)
{
this.Frame.Navigate(typeof(MainPage), "false");
}
}
}
/// <summary>
/// Invoked when the application is launched normally by the end user. Other entry points
/// will be used such as when the application is launched to open a specific file.
/// </summary>
/// <param name="e">Details about the launch request and process.</param>
protected override async void OnLaunched(LaunchActivatedEventArgs e)
{
#if DEBUG
if (System.Diagnostics.Debugger.IsAttached)
{
this.DebugSettings.EnableFrameRateCounter = true;
}
#endif
Frame rootFrame = Window.Current.Content as Frame;
// Do not repeat app initialization when the Window already has content,
// just ensure that the window is active
if (rootFrame == null)
{
// Create a Frame to act as the navigation context and navigate to the first page
rootFrame = new Frame();
rootFrame.NavigationFailed += OnNavigationFailed;
if (e.PreviousExecutionState == ApplicationExecutionState.Terminated)
{
//TODO: Load state from previously suspended application
}
// Place the frame in the current Window
Window.Current.Content = rootFrame;
}
if (rootFrame.Content == null)
{
// When the navigation stack isn't restored navigate to the first page,
// configuring the new page by passing required information as a navigation
// parameter
bool isSupported;
MessageDialog myDlg;
isSupported = await KeyCredentialManager.IsSupportedAsync();
if (!isSupported)
{
var loader = new Windows.ApplicationModel.Resources.ResourceLoader();
string PleaseSetUpPinContent = loader.GetString("PleaseSetupPin_content_error");
string PleaseSetUpPinTitle = loader.GetString("PleaseSetupPin_title_error");
myDlg = new MessageDialog(PleaseSetUpPinContent, PleaseSetUpPinTitle);
await myDlg.ShowAsync();
Application.Current.Exit();
return;
}
IReadOnlyList <SecondaryAuthenticationFactorInfo> registeredDeviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
if (registeredDeviceList.Count == 0)
{
rootFrame.Navigate(typeof(waitingForDevice), e.Arguments);
}
else
{
rootFrame.Navigate(typeof(MainPage), e.Arguments);
}
}
// Ensure the current window is active
CommomMethods.SetWindowSize();
Window.Current.Activate();
}
async void PerformAuthentication()
{
ShowToastNotification("Performing Auth!");
//Get the selected device from app settings
var localSettings = Windows.Storage.ApplicationData.Current.LocalSettings;
String m_selectedDeviceId = localSettings.Values["SelectedDevice"] as String;
SecondaryAuthenticationFactorAuthenticationStageInfo authStageInfo = await SecondaryAuthenticationFactorAuthentication.GetAuthenticationStageInfoAsync();
if (authStageInfo.Stage != SecondaryAuthenticationFactorAuthenticationStage.CollectingCredential)
{
ShowToastNotification("Unexpected!");
throw new Exception("Unexpected!");
}
ShowToastNotification("Post Collecting Credential");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
if (deviceList.Count == 0)
{
ShowToastNotification("Unexpected exception, device list = 0");
throw new Exception("Unexpected exception, device list = 0");
}
ShowToastNotification("Found companion devices");
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(0);
m_selectedDeviceId = deviceInfo.DeviceId;
ShowToastNotification("Device ID: " + m_selectedDeviceId);
//a nonce is an arbitrary number that may only be used once - a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.
IBuffer svcNonce = CryptographicBuffer.GenerateRandom(32); //Generate a nonce and do a HMAC operation with the nonce
//In real world, you would need to take this nonce and send to companion device to perform an HMAC operation with it
//You will have only 20 second to get the HMAC from the companion device
SecondaryAuthenticationFactorAuthenticationResult authResult = await SecondaryAuthenticationFactorAuthentication.StartAuthenticationAsync(
m_selectedDeviceId, svcNonce);
if (authResult.Status != SecondaryAuthenticationFactorAuthenticationStatus.Started)
{
ShowToastNotification("Unexpected! Could not start authentication!");
throw new Exception("Unexpected! Could not start authentication!");
}
ShowToastNotification("Auth Started");
//
// WARNING: Test code
// The HAMC calculation SHOULD be done on companion device
//
byte[] combinedDataArray;
CryptographicBuffer.CopyToByteArray(authResult.Authentication.DeviceConfigurationData, out combinedDataArray);
byte[] deviceKeyArray = new byte[32];
byte[] authKeyArray = new byte[32];
for (int index = 0; index < deviceKeyArray.Length; index++)
{
deviceKeyArray[index] = combinedDataArray[index];
}
for (int index = 0; index < authKeyArray.Length; index++)
{
authKeyArray[index] = combinedDataArray[deviceKeyArray.Length + index];
}
// Create device key and authentication key
IBuffer deviceKey = CryptographicBuffer.CreateFromByteArray(deviceKeyArray);
IBuffer authKey = CryptographicBuffer.CreateFromByteArray(authKeyArray);
// Calculate the HMAC
MacAlgorithmProvider hMACSha256Provider = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha256);
CryptographicKey deviceHmacKey = hMACSha256Provider.CreateKey(deviceKey);
IBuffer deviceHmac = CryptographicEngine.Sign(deviceHmacKey, authResult.Authentication.DeviceNonce);
// sessionHmac = HMAC(authKey, deviceHmac || sessionNonce)
IBuffer sessionHmac;
byte[] deviceHmacArray = { 0 };
CryptographicBuffer.CopyToByteArray(deviceHmac, out deviceHmacArray);
byte[] sessionNonceArray = { 0 };
CryptographicBuffer.CopyToByteArray(authResult.Authentication.SessionNonce, out sessionNonceArray);
combinedDataArray = new byte[deviceHmacArray.Length + sessionNonceArray.Length];
for (int index = 0; index < deviceHmacArray.Length; index++)
{
combinedDataArray[index] = deviceHmacArray[index];
}
for (int index = 0; index < sessionNonceArray.Length; index++)
{
combinedDataArray[deviceHmacArray.Length + index] = sessionNonceArray[index];
}
// Get a Ibuffer from combinedDataArray
IBuffer sessionMessage = CryptographicBuffer.CreateFromByteArray(combinedDataArray);
// Calculate sessionHmac
CryptographicKey authHmacKey = hMACSha256Provider.CreateKey(authKey);
sessionHmac = CryptographicEngine.Sign(authHmacKey, sessionMessage);
ShowToastNotification("Before finish auth");
SecondaryAuthenticationFactorFinishAuthenticationStatus authStatus = await authResult.Authentication.FinishAuthenticationAsync(deviceHmac,
sessionHmac);
if (authStatus != SecondaryAuthenticationFactorFinishAuthenticationStatus.Completed)
{
ShowToastNotification("Unable to complete authentication!");
throw new Exception("Unable to complete authentication!");
}
ShowToastNotification("Auth completed");
}
public async void Run(IBackgroundTaskInstance taskInstance)
{
deferral = taskInstance.GetDeferral();
StorageFolder folder = ApplicationData.Current.LocalFolder;
//StorageFile logsFile = await folder.CreateFileAsync("BGtask.txt", CreationCollisionOption.OpenIfExists);
//string txt = "[RUN]: " + DateTime.Now.ToString() + Environment.NewLine;
//await FileIO.WriteTextAsync(logsFile, txt);
// This event is signaled when the operation completes
opCompletedEvent = new ManualResetEvent(false);
SecondaryAuthenticationFactorAuthentication.AuthenticationStageChanged += OnStageChanged;
//ShowToastNotification("BG Task Hit!");
if (taskInstance.TriggerDetails is DeviceWatcherTriggerDetails)
{
DeviceWatcherTriggerDetails triggerDetails = (DeviceWatcherTriggerDetails)taskInstance.TriggerDetails;
foreach (DeviceWatcherEvent e in triggerDetails.DeviceWatcherEvents)
{
switch (e.Kind)
{
case DeviceWatcherEventKind.Add:
Debug.WriteLine("[RUN] Add: " + e.DeviceInformation.Id);
deferral = taskInstance.GetDeferral();
try
{
SecondaryAuthenticationFactorAuthenticationStageInfo authStageInfo = await SecondaryAuthenticationFactorAuthentication.GetAuthenticationStageInfoAsync();
SecondaryAuthenticationFactorAuthenticationStage stage = authStageInfo.Stage;
//Debugger.Break();
if ((authStageInfo.Stage == SecondaryAuthenticationFactorAuthenticationStage.WaitingForUserConfirmation) ||
(authStageInfo.Stage == SecondaryAuthenticationFactorAuthenticationStage.CollectingCredential))
{
System.Diagnostics.Debug.WriteLine("[RUN] Perform Auth / plug trigger");
Task t = PerformAuthentication();
await t;
}
//Debugger.Break();
if (e.DeviceInformation.Name.Contains("Ledger"))
{
Task t = writeConnectedRegisteredDevices();
await t;
}
}
catch (Exception ex)
{
}
finally
{
deferral.Complete();
}
break;
//case DeviceWatcherEventKind.Update:
// Debug.WriteLine("[RUN] Update: " + e.DeviceInformationUpdate.Id);
// deferral = taskInstance.GetDeferral();
//
// try
// {
// Task i = writeConnectedRegisteredDevices();
// await i;
// }
// catch (Exception ex)
// {
// Debugger.Break();
// }
// finally
// {
// deferral.Complete();
// }
// break;
case DeviceWatcherEventKind.Remove:
Debug.WriteLine("[RUN] Remove: " + e.DeviceInformationUpdate.Id);
deferral = taskInstance.GetDeferral();
try
{
List <dLock> pluggedRegisteredDeviceListBeforeRemove = await readConnectedRegisteredDevices();
List <Tuple <string, bool, bool> > pluggedRegisteredDeviceListBeforeRemove_tuple = new List <Tuple <string, bool, bool> >();
foreach (dLock device in pluggedRegisteredDeviceListBeforeRemove)
{
Tuple <string, bool, bool> newElem = new Tuple <string, bool, bool>(device.DeviceId, device.isDlockEnabled, device.isUsedForLastLogin);
pluggedRegisteredDeviceListBeforeRemove_tuple.Add(newElem);
}
IReadOnlyList <SecondaryAuthenticationFactorInfo> registeredDeviceList_removeEvent = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
List <SecondaryAuthenticationFactorInfo> pluggedRegisteredDeviceListAfterRemove = await getConnectedRegisteredDeviceList(registeredDeviceList_removeEvent);
foreach (SecondaryAuthenticationFactorInfo deviceToCheck in pluggedRegisteredDeviceListAfterRemove)
{
foreach (dLock device in pluggedRegisteredDeviceListBeforeRemove)
{
if (deviceToCheck.DeviceId == device.DeviceId)
{
var t = pluggedRegisteredDeviceListBeforeRemove_tuple.FirstOrDefault(i => i.Item1 == device.DeviceId);
if (t != null)
{
// delete
pluggedRegisteredDeviceListBeforeRemove_tuple.Remove(t);
}
}
}
}
bool lockDevice = true;
string deviceId = "";
for (int i = 0; i < pluggedRegisteredDeviceListBeforeRemove_tuple.Count(); i++)
{
deviceId = pluggedRegisteredDeviceListBeforeRemove_tuple[i].Item1;
if ((!pluggedRegisteredDeviceListBeforeRemove_tuple[i].Item2) || (!pluggedRegisteredDeviceListBeforeRemove_tuple[i].Item3))
{
lockDevice = false;
}
}
if (lockDevice)
{
Task t = LockDevice(deviceId);
await t;
}
await writeConnectedRegisteredDevices();
}
catch (Exception ex)
{
}
finally
{
deferral.Complete();
}
break;
}
}
}
else
{
Debug.WriteLine("[RUN] Unknown trigger");
deferral = taskInstance.GetDeferral();
//try
//{
// Task t = writeConnectedRegisteredDevices();
// await t;
//}
//catch (ConnectedRegisteredDevicesListTxtFileEmpty Ex)
//{
//}
//finally
//{
// deferral.Complete();
//}
}
// Wait until the operation completes
opCompletedEvent.WaitOne();
deferral.Complete();
}
private async Task AuthenticateWithSmartCardAsync(SmartCard card)
{
var localSettings = Windows.Storage.ApplicationData.Current.LocalSettings;
String m_selectedDeviceId = localSettings.Values["SelectedDevice"] as String;
string m_selectedDeviceFriendlyName = string.Empty;
string m_selectedDeviceAddDate = string.Empty;
string deviceConfigString = string.Empty;
char[] deviceConfigCharArray;
byte[] deviceIdArray = new byte[16];
byte[] deviceDlockState = new byte[1];
bool foundCompanionDevice = false;
byte[] response = { 0 };
string sw1sw2 = null;
SecondaryAuthenticationFactorAuthenticationStageInfo authStageInfo = await SecondaryAuthenticationFactorAuthentication.GetAuthenticationStageInfoAsync();
if ((authStageInfo.Stage != SecondaryAuthenticationFactorAuthenticationStage.CollectingCredential) && (authStageInfo.Stage != SecondaryAuthenticationFactorAuthenticationStage.WaitingForUserConfirmation))
{
throw new Exception("Unexpected! Stage: " + authStageInfo.Stage);
}
//ShowToastNotification("Post Collecting Credential");
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Post Collecting Credential");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
if (deviceList.Count == 0)
{
//ShowToastNotification("Unexpected exception, device list = 0");
throw new Exception("Unexpected exception, device list = 0");
}
SmartCardConnection connection = await card.ConnectAsync();
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Connection");
response = await Apdu.TransmitApduAsync(connection, Apdu.getDeviceGuidCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
deviceIdArray = response;
string deviceId = BitConverter.ToString(response).Replace("-", "");
response = await Apdu.TransmitApduAsync(connection, Apdu.getDlockStateCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
deviceDlockState = response;
//string deviceFriendlyName = null;
byte[] deviceConfigDataArray = new byte[18]; //16 bytes for GUID and 1 byte for dLockstate
IBuffer deviceConfigData;
byte[] deviceConfigurationDataArray;
//List<byte[]> deviceConfigList = new List<byte[]>();
foreach (SecondaryAuthenticationFactorInfo device in deviceList)
{
CryptographicBuffer.CopyToByteArray(device.DeviceConfigurationData, out deviceConfigurationDataArray);
//deviceConfigList.Add(deviceConfigurationDataArray);
//deviceFriendlyName = device.DeviceFriendlyName;
if (device.DeviceId == deviceId)
{
m_selectedDeviceId = deviceId;
m_selectedDeviceFriendlyName = device.DeviceFriendlyName;
deviceConfigString = CryptographicBuffer.ConvertBinaryToString(0, device.DeviceConfigurationData);
//deviceConfigCharArray = new char[deviceConfigString.Count()];
//deviceConfigCharArray = deviceConfigString.ToCharArray();
int count = device.DeviceFriendlyName.Count();
m_selectedDeviceAddDate = deviceConfigString.Substring(35 + 1 + count + 1 + 1);
foundCompanionDevice = true;
//continue;
}
}
//Debugger.Break();
if (!foundCompanionDevice)
{
throw new CompanionDeviceNotFoundException();
}
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Start Nonce APDU sending");
response = await Apdu.TransmitApduAsync(connection, Apdu.getNonceCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
if (sw1sw2 != "9000")
{
throw new UnableTogetNonceFromDeviceException();
}
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Nonce APDU recieved without error");
string nonce = BitConverter.ToString(response).Replace("-", "");
IBuffer svcNonce = CryptographicBuffer.DecodeFromHexString(nonce);
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Start Authentication");
SecondaryAuthenticationFactorAuthenticationResult authResult = await SecondaryAuthenticationFactorAuthentication.StartAuthenticationAsync(
m_selectedDeviceId, svcNonce);
if (authResult.Status != SecondaryAuthenticationFactorAuthenticationStatus.Started)
{
//ShowToastNotification("Unexpected! Could not start authentication!");
throw new Exception("Unexpected! Could not start authentication! Status: " + authResult.Status);
}
byte[] devNonce = { 0 };
byte[] svcHmac = { 0 };
byte[] sessNonce = { 0 };
CryptographicBuffer.CopyToByteArray(authResult.Authentication.ServiceAuthenticationHmac, out svcHmac);
CryptographicBuffer.CopyToByteArray(authResult.Authentication.SessionNonce, out sessNonce);
CryptographicBuffer.CopyToByteArray(authResult.Authentication.DeviceNonce, out devNonce);
byte[] cmd = new byte[Apdu.challengeCmdApdu.Length + svcHmac.Length + sessNonce.Length + devNonce.Length];
System.Buffer.BlockCopy(Apdu.challengeCmdApdu, 0, cmd, 0, Apdu.challengeCmdApdu.Length);
System.Buffer.BlockCopy(svcHmac, 0, cmd, Apdu.challengeCmdApdu.Length, svcHmac.Length);
System.Buffer.BlockCopy(sessNonce, 0, cmd, Apdu.challengeCmdApdu.Length + svcHmac.Length, sessNonce.Length);
System.Buffer.BlockCopy(devNonce, 0, cmd, Apdu.challengeCmdApdu.Length + svcHmac.Length + sessNonce.Length, devNonce.Length);
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Send Challenge");
string str = "\"" + m_selectedDeviceFriendlyName + "\"";
await SecondaryAuthenticationFactorAuthentication.ShowNotificationMessageAsync(
str,
SecondaryAuthenticationFactorAuthenticationMessage.DeviceNeedsAttention);
response = await Apdu.TransmitApduAsync(connection, cmd);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
if (sw1sw2 == "6985")
{
throw new UnauthorizedUserException();
}
else if (sw1sw2 == "6984")
{
//ShowToastNotification("Log-in denied by user");
throw new LogInDeniedByUserException();
}
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Response recieved");
byte[] HMACdk = new byte[32];
byte[] HMACsk = new byte[32];
System.Buffer.BlockCopy(response, 0, HMACdk, 0, 32);
System.Buffer.BlockCopy(response, 32, HMACsk, 0, 32);
IBuffer deviceHmac = CryptographicBuffer.CreateFromByteArray(HMACdk);
IBuffer sessionHmac = CryptographicBuffer.CreateFromByteArray(HMACsk);
SecondaryAuthenticationFactorFinishAuthenticationStatus authStatus = await authResult.Authentication.FinishAuthenticationAsync(deviceHmac,
sessionHmac);
if (authStatus != SecondaryAuthenticationFactorFinishAuthenticationStatus.Completed)
{
//ShowToastNotification("Unable to complete authentication!");
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Unable to complete authentication");
throw new Exception("Unable to complete authentication!");
}
deviceConfigString = "";
if (deviceDlockState[0] == 0)
{
deviceConfigString = deviceId + "-0-1-" + m_selectedDeviceFriendlyName + "-" + m_selectedDeviceAddDate;
}
else
{
deviceConfigString = deviceId + "-1-1-" + m_selectedDeviceFriendlyName + "-" + m_selectedDeviceAddDate;
}
deviceConfigCharArray = new char[deviceConfigString.Count()];
deviceConfigString.CopyTo(0, deviceConfigCharArray, 0, deviceConfigString.Count()); // because deviceConfigString is readonly
deviceConfigCharArray[35] = '1'; // to indicate that device was not used for last login
string deviceConfigStringNew = new string(deviceConfigCharArray);
//Debugger.Break();
deviceConfigData = CryptographicBuffer.ConvertStringToBinary(deviceConfigStringNew, 0);
await SecondaryAuthenticationFactorRegistration.UpdateDeviceConfigurationDataAsync(deviceId, deviceConfigData); //update deviceConfigData
foreach (SecondaryAuthenticationFactorInfo device in deviceList)
{
if (device.DeviceId != deviceId)
{
deviceConfigString = CryptographicBuffer.ConvertBinaryToString(0, device.DeviceConfigurationData);
deviceConfigCharArray = new char[deviceConfigString.Count()];
deviceConfigString.CopyTo(0, deviceConfigCharArray, 0, deviceConfigString.Count()); // decause deviceConfigString is readonly
deviceConfigCharArray[35] = '0'; // to indicate that device was not used for last login
deviceConfigStringNew = new string(deviceConfigCharArray);
deviceConfigData = CryptographicBuffer.ConvertStringToBinary(deviceConfigStringNew, 0);
//Debugger.Break();
await SecondaryAuthenticationFactorRegistration.UpdateDeviceConfigurationDataAsync(device.DeviceId, deviceConfigData); //update deviceConfigData
}
}
System.Diagnostics.Debug.WriteLine("[AuthenticateWithSmartCardAsync] Auth completed");
connection.Dispose();
}
public static async Task RegisterDevice_Click(string deviceFriendlyName)
{
String deviceId = "";
IBuffer deviceKey = CryptographicBuffer.GenerateRandom(32);
IBuffer authKey = CryptographicBuffer.GenerateRandom(32);
byte[] deviceKeyArray = new byte[32];
byte[] authKeyArray = new byte[32];
byte[] deviceIdArray = new byte[16];
byte[] deviceDlockState = new byte[1];
byte[] response = { 0 };
int numberOfDevices = 0;
int numberOfRegisteredDevices = 0;
string sw1sw2 = null;
//byte[] combinedDataArray = new byte[64];
string NanosATR = "3b00";
String deviceModelNumber = "0001";
//List<SmartCardListItem> cardItems = new List<SmartCardListItem>();
MessageDialog myDlg;
bool isSupported;
isSupported = await KeyCredentialManager.IsSupportedAsync();
if (!isSupported)
{
var loader = new Windows.ApplicationModel.Resources.ResourceLoader();
string PleaseSetUpPinContent = loader.GetString("PleaseSetupPin_content_error");
string PleaseSetUpPinTitle = loader.GetString("PleaseSetupPin_title_error");
myDlg = new MessageDialog(PleaseSetUpPinContent, PleaseSetUpPinTitle);
await myDlg.ShowAsync();
return;
}
IReadOnlyList <User> users = await User.FindAllAsync(UserType.LocalUser, UserAuthenticationStatus.LocallyAuthenticated);
string userId = users.ElementAt(0).NonRoamableId;
string selector = SmartCardReader.GetDeviceSelector();
selector += " AND System.Devices.DeviceInstanceId:~~\"Ledger\"";
//string test = selector.Replace(" ", ((char)34).ToString());
DeviceInformationCollection devices = await DeviceInformation.FindAllAsync(selector);
foreach (DeviceInformation device in devices)
{
SmartCardReader reader = await SmartCardReader.FromIdAsync(device.Id);
IReadOnlyList <SmartCard> cards = await reader.FindAllCardsAsync();
foreach (SmartCard card in cards)
{
SmartCardProvisioning provisioning = await SmartCardProvisioning.FromSmartCardAsync(card);
IBuffer ATR = await card.GetAnswerToResetAsync();
string ATR_str = CryptographicBuffer.EncodeToHexString(ATR);
if (ATR_str.Equals(NanosATR))
{
numberOfDevices++;
bool foundCompanionDevice = false;
// List the registered devices to prevent registering twice the same device
IReadOnlyList <SecondaryAuthenticationFactorInfo> registeredDeviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
SmartCardConnection connection = await card.ConnectAsync();
response = await Apdu.TransmitApduAsync(connection, Apdu.getDeviceGuidCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
connection.Dispose();
deviceIdArray = response;
deviceId = BitConverter.ToString(response).Replace("-", "");
// Loop on registered devices to check if device to register has already been registered
for (int i = 0; i < registeredDeviceList.Count(); i++)
{
if (registeredDeviceList.ElementAt(i).DeviceId == deviceId)
{
//deviceFriendlyName = registeredDeviceList.ElementAt(i).DeviceFriendlyName;
numberOfRegisteredDevices++;
foundCompanionDevice = true;
break;
}
}
if (foundCompanionDevice)// This device has already been registered
{
// New message dialog to inform user, and break from card loop
//myDlg = null;
//myDlg = new MessageDialog("The device \"" + deviceFriendlyName + "\" has already been registered");
//await myDlg.ShowAsync();
continue;
}
connection = await card.ConnectAsync();
response = await Apdu.TransmitApduAsync(connection, Apdu.getDlockStateCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
deviceDlockState = response;
response = await Apdu.TransmitApduAsync(connection, Apdu.startRegistrationCmdApdu);
sw1sw2 = Apdu.ApduResponseParser(response, out response);
connection.Dispose();
if (sw1sw2 != "9000")
{
var loader = new Windows.ApplicationModel.Resources.ResourceLoader();
string RegistrationDeniedContent = loader.GetString("RegsitrationDenied_content_error");
string RegistrationDeniedTitle = loader.GetString("RegsitrationDenied_title_error");
myDlg = null;
myDlg = new MessageDialog(RegistrationDeniedContent, RegistrationDeniedTitle);
await myDlg.ShowAsync();
return;
}
// Get device key from response
for (int index = 0; index < 32; index++)
{
deviceKeyArray[index] = response[index];
}
deviceKey = CryptographicBuffer.CreateFromByteArray(deviceKeyArray);
// Get auth key from response
for (int index = 0; index < 32; index++)
{
authKeyArray[index] = response[index + 32];
}
authKey = CryptographicBuffer.CreateFromByteArray(authKeyArray);
byte[] deviceConfigDataArray = new byte[18]; //16 bytes for GUID and 1 byte for dLockstate
for (int i = 0; i < 16; i++)
{
deviceConfigDataArray[i] = deviceIdArray[i];
}
deviceConfigDataArray[16] = deviceDlockState[0];
deviceConfigDataArray[17] = 0; // 1 if used for last logon, 0 instead
string deviceConfigString = "";
DateTime addDate = DateTime.Now;
//DateTime addDate = new DateTime(2017, 5, 31, 13, 23, 45);
if (deviceDlockState[0] == 0)
{
deviceConfigString = deviceId + "-0-0-" + deviceFriendlyName + "-" + addDate.ToString() + "-" + userId;
}
else
{
deviceConfigString = deviceId + "-1-0-" + deviceFriendlyName + "-" + addDate.ToString() + "-" + userId;
}
// Get a Ibuffer from combinedDataArray
IBuffer deviceConfigData = CryptographicBuffer.ConvertStringToBinary(deviceConfigString, 0);
//IBuffer deviceConfigData = CryptographicBuffer.CreateFromByteArray(deviceConfigDataArray);
SecondaryAuthenticationFactorDeviceCapabilities capabilities = SecondaryAuthenticationFactorDeviceCapabilities.SecureStorage |
SecondaryAuthenticationFactorDeviceCapabilities.HMacSha256 | SecondaryAuthenticationFactorDeviceCapabilities.StoreKeys |
SecondaryAuthenticationFactorDeviceCapabilities.SupportSecureUserPresenceCheck;
SecondaryAuthenticationFactorRegistrationResult registrationResult = await SecondaryAuthenticationFactorRegistration.RequestStartRegisteringDeviceAsync(
deviceId,
capabilities,
deviceFriendlyName,
deviceModelNumber,
deviceKey,
authKey);
if (registrationResult.Status != SecondaryAuthenticationFactorRegistrationStatus.Started)
{
myDlg = null;
if (registrationResult.Status == SecondaryAuthenticationFactorRegistrationStatus.DisabledByPolicy)
{
//For DisaledByPolicy Exception:Ensure secondary auth is enabled.
//Use GPEdit.msc to update group policy to allow secondary auth
//Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Microsoft Secondary Authentication Factor\Allow Companion device for secondary authentication
myDlg = new MessageDialog("Disabled by Policy. Please update the policy and try again.");
}
if (registrationResult.Status == SecondaryAuthenticationFactorRegistrationStatus.PinSetupRequired)
{
//For PinSetupRequired Exception:Ensure PIN is setup on the device
//Either use gpedit.msc or set reg key
//This setting can be enabled by creating the AllowDomainPINLogon REG_DWORD value under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System Registry key and setting it to 1.
var loader = new Windows.ApplicationModel.Resources.ResourceLoader();
var str = loader.GetString("PleaseSetupPin_error");
myDlg = new MessageDialog(str);
}
if (myDlg != null)
{
await myDlg.ShowAsync();
return;
}
}
System.Diagnostics.Debug.WriteLine("[RegisterDevice_Click] Device Registration Started!");
await registrationResult.Registration.FinishRegisteringDeviceAsync(deviceConfigData);
//DeviceListBox.Items.Add(deviceFriendlyName);
System.Diagnostics.Debug.WriteLine("[RegisterDevice_Click] Device Registration is Complete!");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
SecondaryAuthenticationFactorDevicePresenceMonitoringRegistrationStatus status =
await SecondaryAuthenticationFactorRegistration.RegisterDevicePresenceMonitoringAsync(
deviceId,
device.Id,
SecondaryAuthenticationFactorDevicePresenceMonitoringMode.AppManaged /*,
* deviceFriendlyName,
* deviceModelNumber,
* deviceConfigData*/);
switch (status)
{
//case SecondaryAuthenticationFactorDevicePresenceMonitoringRegistrationStatus.Succeeded:
// await new MessageDialog("Registered for presence monitoring!").ShowAsync();
// break;
case SecondaryAuthenticationFactorDevicePresenceMonitoringRegistrationStatus.DisabledByPolicy:
await new MessageDialog("Registered for presence disabled by policy!").ShowAsync();
break;
}
listContent listItem = new listContent();
listItem.deviceFriendlyName = deviceFriendlyName;
listItem.deviceGUID = deviceId;
//listItem.isVisible = false;
listItem.date = addDate;
listItem.dateString = FormatDate(addDate);
//DeviceListBox.Items.Add(listItem);
//StartWatcher();
//this.Frame.Navigate(typeof(MainPage), "false");
}
}
}
if (numberOfDevices == numberOfRegisteredDevices)
{
var loader = new Windows.ApplicationModel.Resources.ResourceLoader();
string str = loader.GetString("DeviceAlreadyRegistered_content_error");
throw new Exception(str);
//myDlg = new MessageDialog("Ledger Nano-s for Windows Hello not found" + Environment.NewLine + Environment.NewLine + "Please plug a ledger Nano-s in a usb port");
//await myDlg.ShowAsync();
//return;
}
return;
}
private async void RegisterDevice_Click(object sender, RoutedEventArgs e)
{
String deviceId = System.Guid.NewGuid().ToString();
// WARNING: Test code
// These keys should be generated on the companion device
// Create device key and authentication key
IBuffer deviceKey = CryptographicBuffer.GenerateRandom(32);
IBuffer authKey = CryptographicBuffer.GenerateRandom(32);
//
// WARNING: Test code
// The keys SHOULD NOT be saved into device config data
//
byte[] deviceKeyArray = { 0 };
CryptographicBuffer.CopyToByteArray(deviceKey, out deviceKeyArray);
byte[] authKeyArray = { 0 };
CryptographicBuffer.CopyToByteArray(authKey, out authKeyArray);
//Generate combinedDataArray
int combinedDataArraySize = deviceKeyArray.Length + authKeyArray.Length;
byte[] combinedDataArray = new byte[combinedDataArraySize];
for (int index = 0; index < deviceKeyArray.Length; index++)
{
combinedDataArray[index] = deviceKeyArray[index];
}
for (int index = 0; index < authKeyArray.Length; index++)
{
combinedDataArray[deviceKeyArray.Length + index] = authKeyArray[index];
}
// Get a Ibuffer from combinedDataArray
IBuffer deviceConfigData = CryptographicBuffer.CreateFromByteArray(combinedDataArray);
//
// WARNING: Test code
// The friendly name and device model number SHOULD come from device
//
String deviceFriendlyName = "Test Simulator";
String deviceModelNumber = "Sample A1";
SecondaryAuthenticationFactorDeviceCapabilities capabilities = SecondaryAuthenticationFactorDeviceCapabilities.SecureStorage;
SecondaryAuthenticationFactorRegistrationResult registrationResult = await SecondaryAuthenticationFactorRegistration.RequestStartRegisteringDeviceAsync(deviceId,
capabilities,
deviceFriendlyName,
deviceModelNumber,
deviceKey,
authKey);
if (registrationResult.Status != SecondaryAuthenticationFactorRegistrationStatus.Started)
{
MessageDialog myDlg = null;
if (registrationResult.Status == SecondaryAuthenticationFactorRegistrationStatus.DisabledByPolicy)
{
//For DisaledByPolicy Exception:Ensure secondary auth is enabled.
//Use GPEdit.msc to update group policy to allow secondary auth
//Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Microsoft Secondary Authentication Factor\Allow Companion device for secondary authentication
myDlg = new MessageDialog("Disabled by Policy. Please update the policy and try again.");
}
if (registrationResult.Status == SecondaryAuthenticationFactorRegistrationStatus.PinSetupRequired)
{
//For PinSetupRequired Exception:Ensure PIN is setup on the device
//Either use gpedit.msc or set reg key
//This setting can be enabled by creating the AllowDomainPINLogon REG_DWORD value under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System Registry key and setting it to 1.
myDlg = new MessageDialog("Please setup PIN for your device and try again.");
}
if (myDlg != null)
{
await myDlg.ShowAsync();
return;
}
}
System.Diagnostics.Debug.WriteLine("Device Registration Started!");
await registrationResult.Registration.FinishRegisteringDeviceAsync(deviceConfigData);
DeviceListBox.Items.Add(deviceId);
System.Diagnostics.Debug.WriteLine("Device Registration is Complete!");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
RefreshDeviceList(deviceList);
}
