public void U2F_StartAuthentication()
{
RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64);
RawRegisterResponse rawAuthenticateResponse = RawRegisterResponse.FromBase64(registerResponse.RegistrationData);
DeviceRegistration deviceRegistration = rawAuthenticateResponse.CreateDevice();
var results = U2F.StartAuthentication(TestConts.APP_ID_ENROLL, deviceRegistration);
Assert.IsNotNull(results);
Assert.IsNotNull(results.AppId);
Assert.IsNotNull(results.Challenge);
Assert.IsNotNull(results.KeyHandle);
Assert.IsNotNull(results.Version);
}
public List <ServerChallenge> GenerateServerChallenges(string userName)
{
if (string.IsNullOrWhiteSpace(userName))
{
return(null);
}
User user = _userRepository.FindUser(userName);
if (user == null)
{
return(null);
}
// We only want to generate challenges for un-compromised devices
List <Device> device = user.DeviceRegistrations.Where(w => w.IsCompromised == false).ToList();
if (device.Count == 0)
{
return(null);
}
_userRepository.RemoveUsersAuthenticationRequests(userName);
List <ServerChallenge> serverChallenges = new List <ServerChallenge>();
foreach (var registeredDevice in device)
{
DeviceRegistration registration = new DeviceRegistration(registeredDevice.KeyHandle, registeredDevice.PublicKey, registeredDevice.AttestationCert, Convert.ToUInt32(registeredDevice.Counter));
StartedAuthentication startedAuthentication = U2F.StartAuthentication(DemoAppId, registration);
serverChallenges.Add(new ServerChallenge
{
appId = startedAuthentication.AppId,
challenge = startedAuthentication.Challenge,
keyHandle = startedAuthentication.KeyHandle,
version = startedAuthentication.Version
});
_userRepository.SaveUserAuthenticationRequest(userName, startedAuthentication.AppId, startedAuthentication.Challenge,
startedAuthentication.KeyHandle);
}
return(serverChallenges);
}
public static async Task AuthenticateAsync(IHidDevice hidDevice, DeviceRegistration deviceRegistration, string appId, string facet, bool checkOnly = false, CancellationToken?cancellationToken = null)
{
cancellationToken = cancellationToken ?? CancellationToken.None;
if (hidDevice == null || !hidDevice.IsConnected)
{
throw new ArgumentException("Hid device not connected", nameof(hidDevice));
}
using (var u2fHidDevice = await U2FHidDevice.OpenAsync(hidDevice))
{
var startAuthentication = U2F.StartAuthentication(appId, deviceRegistration);
Log.Debug("Touch token to authenticate");
var authenticateResponse = await WaitForTokenInputAsync(() => U2Fv2.AuthenticateAsync(u2fHidDevice, startAuthentication, facet, checkOnly), cancellationToken.Value).ConfigureAwait(false);
U2F.FinishAuthentication(startAuthentication, authenticateResponse, deviceRegistration);
Log.Debug("Authenticated");
}
}
public ServerChallenge GenerateServerChallenge(string userName)
{
if (string.IsNullOrWhiteSpace(userName))
{
return(null);
}
User user = _userRepository.FindUser(userName);
if (user == null)
{
return(null);
}
// TODO this would have to change
var device = user.DeviceRegistrations.FirstOrDefault();
if (device == null)
{
return(null);
}
DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter);
StartedAuthentication startedAuthentication = U2F.StartAuthentication(DemoAppId, registration);
_userRepository.SaveUserAuthenticationRequest(userName, startedAuthentication.AppId, startedAuthentication.Challenge,
startedAuthentication.KeyHandle);
return(new ServerChallenge
{
AppId = startedAuthentication.AppId,
Challenge = startedAuthentication.Challenge,
KeyHandle = startedAuthentication.KeyHandle,
Version = startedAuthentication.Version
});
}
