public virtual void TestProcessRegistrationResponse_MultipleTransports()
{
mockDataStore.Setup(x => x.GetEnrollSessionData(SESSION_ID))
.Returns(new EnrollSessionData(ACCOUNT_NAME, APP_ID_ENROLL, SERVER_CHALLENGE_ENROLL));
var trustedCertificates = new List <X509Certificate>();
trustedCertificates.Add(TRUSTED_CERTIFICATE_MULTIPLE_TRANSPORTS);
mockDataStore.Setup(x => x.GetTrustedCertificates()).Returns(trustedCertificates);
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationResponse = new RegisterResponse(REGISTRATION_RESPONSE_DATA_MULTIPLE_TRANSPORTS_BASE64,
BROWSER_DATA_ENROLL_BASE64, SESSION_ID);
u2FServer.ProcessRegistrationResponse(registrationResponse, 0L);
var transports = new List <SecurityKeyDataTransports>();
transports.Add(SecurityKeyDataTransports.BluetoothRadio);
transports.Add(SecurityKeyDataTransports.BluetoothLowEnergy);
transports.Add(SecurityKeyDataTransports.Nfc);
var expectedKeyData = new SecurityKeyData(0L, transports, KEY_HANDLE, USER_PUBLIC_KEY_ENROLL_HEX,
TRUSTED_CERTIFICATE_MULTIPLE_TRANSPORTS, 0);
mockDataStore.Verify(x => x.AddSecurityKeyData(ACCOUNT_NAME, expectedKeyData));
}
async void EnrollClicked(object sender, RoutedEventArgs e)
{
try
{
ActionstextBox.Text = "";
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] { "http://example.com", "https://example.com" });
var myClient = new U2FClient(
new DummySender("http://example.com", new JObject()),
keyFactory);
var signRequests = server.GetSignRequests(EnrollUserName.Text, EnrollAppId.Text);
var regRequest = server.GetRegistrationRequest(EnrollUserName.Text, EnrollAppId.Text);
var cts = new CancellationTokenSource(TimeSpan.FromMinutes(1));
ActionstextBox.Text += "Register...\r\n";
var x = await myClient.Register(new[] { regRequest }, signRequests, cts.Token);
ActionstextBox.Text += "Register done, sending to server\r\n";
var serverResp = server.ProcessRegistrationResponse(x, ToUnixTimeMilliseconds(SystemClock.Instance.Now));
ActionstextBox.Text += "Server OK\r\n";
ActionstextBox.Text += $"{serverResp}\r\n";
}
catch (Exception exception)
{
ActionstextBox.Text += "\r\n\r\n" + exception.ToString();
}
}
private static void TestSoftwareOnly()
{
var key = new SimulatedU2FKey(
TestVectors.VENDOR_CERTIFICATE,
TestVectors.VENDOR_CERTIFICATE_PRIVATE_KEY,
new TestKeyPairGenerator(),
new GuidKeyHandleGenerator(),
new InMemoryKeyDataStore(),
new ConsolePresenceVerifier(),
new BouncyCastleKeyCrypto());
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
new InMemoryServerDataStore(new GuidSessionIdGenerator()),
new BouncyCastleServerCrypto(),
new [] { "http://example.com", "https://example.com" });
var client = new U2FClientReferenceImpl(
BouncyCastleClientCrypto.Instance,
new SimpleOriginVerifier(new[] { "http://example.com", "https://example.com" }),
new ChannelProvider(),
server,
key,
SystemClock.Instance);
client.Register("http://example.com", "vbfox");
client.Authenticate("http://example.com", "vbfox");
Console.WriteLine("Done.");
Console.ReadLine();
}
private static async Task TestNew2()
{
var hidFactory = Win32HidDeviceFactory.Instance;
var keyFactory = new U2FHidKeyFactory(hidFactory);
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
LoadDataStore(dataStore);
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] { "http://example.com", "https://example.com" });
var myClient = new U2FClient(
new DummySender("http://example.com", new JObject()),
keyFactory);
Console.WriteLine("Register or Sign ? (r/s)");
var mode = Console.ReadLine();
if (mode == "s")
{
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
Console.WriteLine("Sign requests obtained ({0})", signRequests.Count);
var cts = new CancellationTokenSource(TimeSpan.FromMinutes(10));
var x = await myClient.Sign(signRequests, cts.Token);
Console.WriteLine("Signature done {0}", x);
if (x != null)
{
var serverResp = server.ProcessSignResponse(x);
Console.WriteLine("Server ok: {0}", serverResp);
SaveDataStore(dataStore);
}
}
else if (mode == "r")
{
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
var regRequest = server.GetRegistrationRequest("vbfox", "http://example.com");
var cts = new CancellationTokenSource(TimeSpan.FromMinutes(10));
var x = await myClient.Register(new[] { regRequest }, signRequests, cts.Token);
Console.WriteLine("Authentication done {0}", x);
if (x != null)
{
var serverResp = server.ProcessRegistrationResponse(x, ToUnixTimeMilliseconds(SystemClock.Instance.Now));
Console.WriteLine("Server ok: {0}", serverResp);
SaveDataStore(dataStore);
}
}
else
{
Console.WriteLine("???");
}
Console.ReadLine();
return;
}
public virtual void TestGetRegistrationRequest()
{
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationRequest = u2FServer.GetRegistrationRequest(ACCOUNT_NAME, APP_ID_ENROLL);
var expected = new RegisterRequest("U2F_V2", SERVER_CHALLENGE_ENROLL_BASE64, APP_ID_ENROLL, SESSION_ID);
Check.That(registrationRequest).IsEqualTo(expected);
}
public virtual void TestGetRegistrationRequest()
{
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationRequest = u2FServer.GetRegistrationRequest(ACCOUNT_NAME, APP_ID_ENROLL);
var expected = new RegisterRequest("U2F_V2", SERVER_CHALLENGE_ENROLL_BASE64, APP_ID_ENROLL, SESSION_ID);
Check.That(registrationRequest).IsEqualTo(expected);
}
public virtual void TestProcessSignResponse()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_SIGN, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_SIGN_HEX));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var signResponse = new SignResponse(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64,
SERVER_CHALLENGE_SIGN_BASE64, SESSION_ID, APP_ID_SIGN);
u2FServer.ProcessSignResponse(signResponse);
}
public virtual void TestProcessRegistrationResponse_NoTransports()
{
mockDataStore.Setup(x => x.GetEnrollSessionData(SESSION_ID))
.Returns(new EnrollSessionData(ACCOUNT_NAME, APP_ID_ENROLL, SERVER_CHALLENGE_ENROLL));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationResponse = new RegisterResponse(REGISTRATION_DATA_BASE64, BROWSER_DATA_ENROLL_BASE64,
SESSION_ID);
u2FServer.ProcessRegistrationResponse(registrationResponse, 0L);
var expectedKeyData = new SecurityKeyData(0L, KEY_HANDLE, USER_PUBLIC_KEY_ENROLL_HEX, VENDOR_CERTIFICATE, 0);
mockDataStore.Verify(x => x.AddSecurityKeyData(ACCOUNT_NAME, expectedKeyData));
}
public virtual void TestGetSignRequest()
{
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
mockChallengeGenerator.Setup(x => x.GenerateChallenge(ACCOUNT_NAME))
.Returns(SERVER_CHALLENGE_SIGN);
var signRequest = u2FServer.GetSignRequests(ACCOUNT_NAME, APP_ID_SIGN);
var expected = new SignRequest("U2F_V2", SERVER_CHALLENGE_SIGN_BASE64, APP_ID_SIGN, KEY_HANDLE_BASE64,
SESSION_ID);
Assert.AreEqual(expected, signRequest[0]);
}
// (currently, this test uses an enrollment browserdata during a signature)
public virtual void TestProcessSignResponse2()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_2, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_2));
mockDataStore.Setup(x => x.GetSecurityKeyData(ACCOUNT_NAME))
.Returns(new List <SecurityKeyData>
{
new SecurityKeyData(0L, KEY_HANDLE_2, USER_PUBLIC_KEY_2, VENDOR_CERTIFICATE, 0)
});
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto, TRUSTED_DOMAINS);
var signResponse = new SignResponse(BROWSER_DATA_2_BASE64, SIGN_DATA_2_BASE64, CHALLENGE_2_BASE64, SESSION_ID, APP_ID_2);
u2FServer.ProcessSignResponse(signResponse);
}
public virtual void TestProcessRegistrationResponse_NoTransports()
{
mockDataStore.Setup(x => x.GetEnrollSessionData(SESSION_ID))
.Returns(new EnrollSessionData(ACCOUNT_NAME, APP_ID_ENROLL, SERVER_CHALLENGE_ENROLL));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationResponse = new RegisterResponse(REGISTRATION_DATA_BASE64, BROWSER_DATA_ENROLL_BASE64,
SESSION_ID);
u2FServer.ProcessRegistrationResponse(registrationResponse, 0L);
var expectedKeyData = new SecurityKeyData(0L, KEY_HANDLE, USER_PUBLIC_KEY_ENROLL_HEX, VENDOR_CERTIFICATE, 0);
mockDataStore.Verify(x => x.AddSecurityKeyData(ACCOUNT_NAME, expectedKeyData));
}
public virtual void TestSanitizeOrigin()
{
Assert.AreEqual("http://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("http://example.com"));
Assert.AreEqual("http://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("http://example.com/"));
Assert.AreEqual("http://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("http://example.com/foo"));
Assert.AreEqual("http://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("http://example.com/foo?bar=b"));
Assert.AreEqual("http://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("http://example.com/foo#fragment"));
Assert.AreEqual("https://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("https://example.com"));
Assert.AreEqual("https://example.com", U2FServerReferenceImpl
.CanonicalizeOrigin("https://example.com/foo"));
}
public virtual void TestProcessRegistrationResponse2()
{
mockDataStore.Setup(x => x.GetEnrollSessionData(SESSION_ID))
.Returns(new EnrollSessionData(ACCOUNT_NAME, APP_ID_ENROLL, SERVER_CHALLENGE_ENROLL));
var trustedCertificates = new List <X509Certificate>();
trustedCertificates.Add(VENDOR_CERTIFICATE);
trustedCertificates.Add(TRUSTED_CERTIFICATE_2);
mockDataStore.Setup(x => x.GetTrustedCertificates()).Returns(trustedCertificates);
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationResponse = new RegisterResponse(REGISTRATION_DATA_2_BASE64, BROWSER_DATA_2_BASE64,
SESSION_ID);
u2FServer.ProcessRegistrationResponse(registrationResponse, 0L);
var expectedKeyData = new SecurityKeyData(0L, null, KEY_HANDLE_2, USER_PUBLIC_KEY_2, TRUSTED_CERTIFICATE_2,
0);
mockDataStore.Verify(x => x.AddSecurityKeyData(ACCOUNT_NAME, expectedKeyData));
}
public virtual void TestProcessSignResponseBadOrigin()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_SIGN, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_SIGN_HEX));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object
, mockDataStore.Object, crypto, new List <string> {
"http://some-other-domain.com"
});
var signResponse = new SignResponse(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64, SERVER_CHALLENGE_SIGN_BASE64, SESSION_ID, APP_ID_SIGN);
try
{
u2FServer.ProcessSignResponse(signResponse);
Assert.Fail("expected exception, but didn't get it");
}
catch (U2FException e)
{
Assert.IsTrue(e.Message.Contains("is not a recognized home origin"));
}
}
private static async Task TestDual()
{
var hidFactory = Win32HidDeviceFactory.Instance;
var keyFactory = new U2FHidKeyFactory(hidFactory);
var keyIds = await keyFactory.FindAllAsync();
var keyId = keyIds.First();
using (var u2f = await keyId.OpenAsync())
{
var key = new U2FDeviceKey(u2f);
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] { "http://example.com", "https://example.com" });
var client = new U2FClientReferenceImpl(
BouncyCastleClientCrypto.Instance,
new SimpleOriginVerifier(new[] { "http://example.com", "https://example.com" }),
new ChannelProvider(),
server,
key,
SystemClock.Instance);
LoadDataStore(dataStore);
//client.Register("http://example.com", "vbfox");
//SaveDataStore(dataStore);
client.Authenticate("http://example.com", "vbfox");
SaveDataStore(dataStore);
}
Console.WriteLine("Done.");
Console.ReadLine();
}
async void EnrollClicked(object sender, RoutedEventArgs e)
{
var keyDict = new ConcurrentDictionary<IKeyId, bool>();
textBox.Text = "";
var hidFactory = new UwpHidDeviceFactory(Dispatcher);
var keyFactory = new U2FHidKeyFactory(hidFactory);
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] { "http://example.com", "https://example.com" });
var myClient = new U2FClient(
new DummySender("http://example.com", new JObject()),
keyFactory);
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
var regRequest = server.GetRegistrationRequest("vbfox", "http://example.com");
var cts = new CancellationTokenSource(TimeSpan.FromMinutes(10));
textBox.Text += "Register...\r\n";
var x = await myClient.Register(new[] { regRequest }, signRequests, cts.Token);
textBox.Text += "Register done, sending to server\r\n";
var serverResp = server.ProcessRegistrationResponse(x, ToUnixTimeMilliseconds(SystemClock.Instance.Now));
textBox.Text += "Server OK\r\n";
textBox.Text += $"{serverResp}\r\n";
}
public virtual void TestProcessRegistrationResponse_OneTransport()
{
mockDataStore.Setup(x => x.GetEnrollSessionData(SESSION_ID))
.Returns(new EnrollSessionData(ACCOUNT_NAME, APP_ID_ENROLL, SERVER_CHALLENGE_ENROLL));
var trustedCertificates = new List<X509Certificate>();
trustedCertificates.Add(TRUSTED_CERTIFICATE_ONE_TRANSPORT);
mockDataStore.Setup(x => x.GetTrustedCertificates()).Returns(trustedCertificates);
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationResponse = new RegisterResponse(REGISTRATION_RESPONSE_DATA_ONE_TRANSPORT_BASE64,
BROWSER_DATA_ENROLL_BASE64, SESSION_ID);
u2FServer.ProcessRegistrationResponse(registrationResponse, 0L);
var transports = new List<SecurityKeyDataTransports>();
transports.Add(SecurityKeyDataTransports.BluetoothRadio);
var expectedKeyData = new SecurityKeyData(0L, transports, KEY_HANDLE, USER_PUBLIC_KEY_ENROLL_HEX,
TRUSTED_CERTIFICATE_ONE_TRANSPORT, 0);
mockDataStore.Verify(x => x.AddSecurityKeyData(ACCOUNT_NAME, expectedKeyData));
}
private static async Task TestNew()
{
var hidFactory = Win32HidDeviceFactory.Instance;
var keyFactory = new U2FHidKeyFactory(hidFactory);
var keyIds = await keyFactory.FindAllAsync();
var keyId = keyIds.First();
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
LoadDataStore(dataStore);
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] { "http://example.com", "https://example.com" });
var myClient = new U2FClient(
new DummySender("http://example.com", new JObject()),
(o, a, ct) => Task.FromResult(true),
(o, a, ct) => Task.FromResult(true),
keyFactory,
BouncyCastleClientCrypto.Instance);
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
var x = await myClient.Sign(signRequests, CancellationToken.None);
return;
var origin = "http://example.com";
var channelId = new JObject();
var requestAndClientDatas = signRequests
.Select(signRequest =>
{
string clientDataB64;
var authRequest = U2FClientReferenceImpl.SignRequestToAuthenticateRequest("http://example.com", signRequest, new JObject(),
out clientDataB64, BouncyCastleClientCrypto.Instance);
return Tuple.Create(signRequest, clientDataB64, authRequest);
})
.ToList();
new U2FClient(
new DummySender("http://example.com", new JObject()),
(o, a, ct) => Task.FromResult(true),
(o, a, ct) => Task.FromResult(true),
keyFactory,
BouncyCastleClientCrypto.Instance);
using (var u2f = await keyId.OpenAsync())
{
var key = new U2FDeviceKey(u2f);
var client = new U2FClientReferenceImpl(
BouncyCastleClientCrypto.Instance,
new SimpleOriginVerifier(new[] { "http://example.com", "https://example.com" }),
new ChannelProvider(),
server,
key,
SystemClock.Instance);
//client.Register("http://example.com", "vbfox");
//SaveDataStore(dataStore);
client.Authenticate("http://example.com", "vbfox");
SaveDataStore(dataStore);
}
Console.WriteLine("Done.");
Console.ReadLine();
}
private static async Task TestDual()
{
var hidFactory = Win32HidDeviceFactory.Instance;
var keyFactory = new U2FHidKeyFactory(hidFactory);
var keyIds = await keyFactory.FindAllAsync();
var keyId = keyIds.First();
using (var u2f = await keyId.OpenAsync())
{
var key = new U2FDeviceKey(u2f);
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] {"http://example.com", "https://example.com"});
var client = new U2FClientReferenceImpl(
BouncyCastleClientCrypto.Instance,
new SimpleOriginVerifier(new[] {"http://example.com", "https://example.com"}),
new ChannelProvider(),
server,
key,
SystemClock.Instance);
LoadDataStore(dataStore);
//client.Register("http://example.com", "vbfox");
//SaveDataStore(dataStore);
client.Authenticate("http://example.com", "vbfox");
SaveDataStore(dataStore);
}
Console.WriteLine("Done.");
Console.ReadLine();
}
// (currently, this test uses an enrollment browserdata during a signature)
public virtual void TestProcessSignResponse2()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_2, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_2));
mockDataStore.Setup(x => x.GetSecurityKeyData(ACCOUNT_NAME))
.Returns(new List<SecurityKeyData>
{
new SecurityKeyData(0L, KEY_HANDLE_2, USER_PUBLIC_KEY_2, VENDOR_CERTIFICATE, 0)
});
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto, TRUSTED_DOMAINS);
var signResponse = new SignResponse(BROWSER_DATA_2_BASE64, SIGN_DATA_2_BASE64, CHALLENGE_2_BASE64, SESSION_ID, APP_ID_2);
u2FServer.ProcessSignResponse(signResponse);
}
public virtual void TestProcessSignResponseBadOrigin()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_SIGN, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_SIGN_HEX));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object
, mockDataStore.Object, crypto, new List<string> { "http://some-other-domain.com"});
var signResponse = new SignResponse(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64, SERVER_CHALLENGE_SIGN_BASE64, SESSION_ID, APP_ID_SIGN);
try
{
u2FServer.ProcessSignResponse(signResponse);
Assert.Fail("expected exception, but didn't get it");
}
catch (U2FException e)
{
Assert.IsTrue(e.Message.Contains("is not a recognized home origin"));
}
}
public virtual void TestProcessSignResponse()
{
mockDataStore.Setup(x => x.GetSignSessionData(SESSION_ID))
.Returns(new SignSessionData(ACCOUNT_NAME, APP_ID_SIGN, SERVER_CHALLENGE_SIGN, USER_PUBLIC_KEY_SIGN_HEX));
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var signResponse = new SignResponse(BROWSER_DATA_SIGN_BASE64, SIGN_RESPONSE_DATA_BASE64,
SERVER_CHALLENGE_SIGN_BASE64, SESSION_ID, APP_ID_SIGN);
u2FServer.ProcessSignResponse(signResponse);
}
public virtual void TestGetSignRequest()
{
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
mockChallengeGenerator.Setup(x => x.GenerateChallenge(ACCOUNT_NAME))
.Returns(SERVER_CHALLENGE_SIGN);
var signRequest = u2FServer.GetSignRequests(ACCOUNT_NAME, APP_ID_SIGN);
var expected = new SignRequest("U2F_V2", SERVER_CHALLENGE_SIGN_BASE64, APP_ID_SIGN, KEY_HANDLE_BASE64,
SESSION_ID);
Assert.AreEqual(expected, signRequest[0]);
}
public virtual void TestProcessRegistrationResponse2()
{
mockDataStore.Setup(x => x.GetEnrollSessionData(SESSION_ID))
.Returns(new EnrollSessionData(ACCOUNT_NAME, APP_ID_ENROLL, SERVER_CHALLENGE_ENROLL));
var trustedCertificates = new List<X509Certificate>();
trustedCertificates.Add(VENDOR_CERTIFICATE);
trustedCertificates.Add(TRUSTED_CERTIFICATE_2);
mockDataStore.Setup(x => x.GetTrustedCertificates()).Returns(trustedCertificates);
var u2FServer = new U2FServerReferenceImpl(mockChallengeGenerator.Object, mockDataStore.Object, crypto,
TRUSTED_DOMAINS);
var registrationResponse = new RegisterResponse(REGISTRATION_DATA_2_BASE64, BROWSER_DATA_2_BASE64,
SESSION_ID);
u2FServer.ProcessRegistrationResponse(registrationResponse, 0L);
var expectedKeyData = new SecurityKeyData(0L, null, KEY_HANDLE_2, USER_PUBLIC_KEY_2, TRUSTED_CERTIFICATE_2,
0);
mockDataStore.Verify(x => x.AddSecurityKeyData(ACCOUNT_NAME, expectedKeyData));
}
private static void TestSoftwareOnly()
{
var key = new U2FKeyReferenceImpl(
TestVectors.VENDOR_CERTIFICATE,
TestVectors.VENDOR_CERTIFICATE_PRIVATE_KEY,
new TestKeyPairGenerator(),
new GuidKeyHandleGenerator(),
new InMemoryKeyDataStore(),
new ConsolePresenceVerifier(),
new BouncyCastleKeyCrypto());
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
new InMemoryServerDataStore(new GuidSessionIdGenerator()),
new BouncyCastleServerCrypto(),
new [] { "http://example.com", "https://example.com" });
var client = new U2FClientReferenceImpl(
BouncyCastleClientCrypto.Instance,
new SimpleOriginVerifier(new[] {"http://example.com", "https://example.com"}),
new ChannelProvider(),
server,
key,
SystemClock.Instance);
client.Register("http://example.com", "vbfox");
client.Authenticate("http://example.com", "vbfox");
Console.WriteLine("Done.");
Console.ReadLine();
}
private static async Task TestNew()
{
var hidFactory = Win32HidDeviceFactory.Instance;
var keyFactory = new U2FHidKeyFactory(hidFactory);
var keyIds = await keyFactory.FindAllAsync();
var keyId = keyIds.First();
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
LoadDataStore(dataStore);
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] { "http://example.com", "https://example.com" });
var myClient = new U2FClient(
new DummySender("http://example.com", new JObject()),
(o, a, ct) => Task.FromResult(true),
(o, a, ct) => Task.FromResult(true),
keyFactory,
BouncyCastleClientCrypto.Instance);
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
var x = await myClient.Sign(signRequests, CancellationToken.None);
return;
var origin = "http://example.com";
var channelId = new JObject();
var requestAndClientDatas = signRequests
.Select(signRequest =>
{
string clientDataB64;
var authRequest = U2FClientReferenceImpl.SignRequestToAuthenticateRequest("http://example.com", signRequest, new JObject(),
out clientDataB64, BouncyCastleClientCrypto.Instance);
return(Tuple.Create(signRequest, clientDataB64, authRequest));
})
.ToList();
new U2FClient(
new DummySender("http://example.com", new JObject()),
(o, a, ct) => Task.FromResult(true),
(o, a, ct) => Task.FromResult(true),
keyFactory,
BouncyCastleClientCrypto.Instance);
using (var u2f = await keyId.OpenAsync())
{
var key = new U2FDeviceKey(u2f);
var client = new U2FClientReferenceImpl(
BouncyCastleClientCrypto.Instance,
new SimpleOriginVerifier(new[] { "http://example.com", "https://example.com" }),
new ChannelProvider(),
server,
key,
SystemClock.Instance);
//client.Register("http://example.com", "vbfox");
//SaveDataStore(dataStore);
client.Authenticate("http://example.com", "vbfox");
SaveDataStore(dataStore);
}
Console.WriteLine("Done.");
Console.ReadLine();
}
private static async Task TestNew2()
{
var hidFactory = Win32HidDeviceFactory.Instance;
var keyFactory = new U2FHidKeyFactory(hidFactory);
var dataStore = new InMemoryServerDataStore(new GuidSessionIdGenerator());
LoadDataStore(dataStore);
var server = new U2FServerReferenceImpl(
new ChallengeGenerator(),
dataStore,
new BouncyCastleServerCrypto(),
new[] {"http://example.com", "https://example.com"});
var myClient = new U2FClient(
new DummySender("http://example.com", new JObject()),
keyFactory);
Console.WriteLine("Register or Sign ? (r/s)");
var mode = Console.ReadLine();
if (mode == "s")
{
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
Console.WriteLine("Sign requests obtained ({0})", signRequests.Count);
var cts = new CancellationTokenSource(TimeSpan.FromMinutes(10));
var x = await myClient.Sign(signRequests, cts.Token);
Console.WriteLine("Signature done {0}", x);
if (x != null)
{
var serverResp = server.ProcessSignResponse(x);
Console.WriteLine("Server ok: {0}", serverResp);
SaveDataStore(dataStore);
}
}
else if (mode == "r")
{
var signRequests = server.GetSignRequests("vbfox", "http://example.com");
var regRequest = server.GetRegistrationRequest("vbfox", "http://example.com");
var cts = new CancellationTokenSource(TimeSpan.FromMinutes(10));
var x = await myClient.Register(new[] { regRequest }, signRequests, cts.Token);
Console.WriteLine("Authentication done {0}", x);
if (x != null)
{
var serverResp = server.ProcessRegistrationResponse(x, ToUnixTimeMilliseconds(SystemClock.Instance.Now));
Console.WriteLine("Server ok: {0}", serverResp);
SaveDataStore(dataStore);
}
}
else
{
Console.WriteLine("???");
}
Console.ReadLine();
return;
}