private static void ExpectClientDataType(FidoClientData clientData, string expectedType)
{
if (clientData.Type == expectedType)
{
return;
}
var message = String.Format("Unexpected type in client data (expected '{0}' but was '{1}')",
expectedType, clientData.Type);
throw new InvalidOperationException(message);
}
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
var jsonObject = JObject.Load(reader);
var properties = jsonObject.Properties().ToLookup(x => x.Name.ToLowerInvariant());
var serializedRegistrationData = properties["registrationdata"].Single().Value.ToString();
var serializedClientData = properties["clientdata"].Single().Value.ToString();
return(new FidoRegisterResponse
{
RegistrationData = FidoRegistrationData.FromWebSafeBase64(serializedRegistrationData),
ClientData = FidoClientData.FromWebSafeBase64(serializedClientData)
});
}
public static FidoClientData FromJson(string json)
{
if (json == null)
{
throw new ArgumentNullException("json");
}
var element = JObject.Parse(json);
if (element == null)
{
throw new InvalidOperationException("Client data must be in JSON format");
}
JToken type, challenge, orgin;
if (!element.TryGetValue("typ", out type))
{
throw new InvalidOperationException("Client data is missing 'typ' param");
}
if (!element.TryGetValue("challenge", out challenge))
{
throw new InvalidOperationException("Client data is missing 'challenge' param");
}
var clientData = new FidoClientData
{
_overriddenRawJsonValue = json,
Type = type.ToString(),
Challenge = challenge.ToString()
};
if (element.TryGetValue("origin", out orgin))
{
clientData.Origin = orgin.ToString();
}
return(clientData);
}
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
return(FidoClientData.FromWebSafeBase64(reader.Value.ToString()));
}
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData,
FidoDeviceRegistration deviceRegistration)
{
if (appId == null)
{
throw new ArgumentNullException("appId");
}
if (signatureData == null)
{
throw new ArgumentNullException("signatureData");
}
if (clientData == null)
{
throw new ArgumentNullException("clientData");
}
if (deviceRegistration == null)
{
throw new ArgumentNullException("deviceRegistration");
}
if (String.IsNullOrEmpty(clientData.RawJsonValue))
{
throw new InvalidOperationException("Client data has no JSON representation");
}
var counterBytes = BitConverter.GetBytes(signatureData.Counter);
if (BitConverter.IsLittleEndian)
{
Array.Reverse(counterBytes);
}
var signedBytes = PackBytes(
Helpers.Sha256(appId.ToString()),
new [] { signatureData.UserPresence },
counterBytes,
Helpers.Sha256(clientData.RawJsonValue));
VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);
if (signatureData.UserPresence != UserPresentFlag)
{
throw new InvalidOperationException("User presence invalid during authentication");
}
}
private void VerifyResponseSignature(FidoAppId appId, FidoRegistrationData registrationData, FidoClientData clientData)
{
if (appId == null)
{
throw new ArgumentNullException("appId");
}
if (registrationData == null)
{
throw new ArgumentNullException("registrationData");
}
if (clientData == null)
{
throw new ArgumentNullException("clientData");
}
if (String.IsNullOrEmpty(clientData.RawJsonValue))
{
throw new InvalidOperationException("Client data has no JSON representation");
}
var signedBytes = PackBytes(
new byte[] { 0 },
Helpers.Sha256(appId.ToString()),
Helpers.Sha256(clientData.RawJsonValue),
registrationData.KeyHandle.ToByteArray(),
registrationData.UserPublicKey.ToByteArray());
VerifySignature(registrationData.AttestationCertificate, registrationData.Signature, signedBytes);
}
public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
{
ClientData = clientData;
SignatureData = signatureData;
KeyHandle = keyHandle;
}