private static void ExpectClientDataType(FidoClientData clientData, string expectedType)
        {
            if (clientData.Type == expectedType)
            {
                return;
            }

            var message = String.Format("Unexpected type in client data (expected '{0}' but was '{1}')",
                                        expectedType, clientData.Type);

            throw new InvalidOperationException(message);
        }
        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
        {
            var jsonObject = JObject.Load(reader);
            var properties = jsonObject.Properties().ToLookup(x => x.Name.ToLowerInvariant());

            var serializedRegistrationData = properties["registrationdata"].Single().Value.ToString();
            var serializedClientData       = properties["clientdata"].Single().Value.ToString();

            return(new FidoRegisterResponse
            {
                RegistrationData = FidoRegistrationData.FromWebSafeBase64(serializedRegistrationData),
                ClientData = FidoClientData.FromWebSafeBase64(serializedClientData)
            });
        }
Exemple #3
0
        public static FidoClientData FromJson(string json)
        {
            if (json == null)
            {
                throw new ArgumentNullException("json");
            }

            var element = JObject.Parse(json);

            if (element == null)
            {
                throw new InvalidOperationException("Client data must be in JSON format");
            }

            JToken type, challenge, orgin;

            if (!element.TryGetValue("typ", out type))
            {
                throw new InvalidOperationException("Client data is missing 'typ' param");
            }
            if (!element.TryGetValue("challenge", out challenge))
            {
                throw new InvalidOperationException("Client data is missing 'challenge' param");
            }

            var clientData = new FidoClientData
            {
                _overriddenRawJsonValue = json,
                Type      = type.ToString(),
                Challenge = challenge.ToString()
            };

            if (element.TryGetValue("origin", out orgin))
            {
                clientData.Origin = orgin.ToString();
            }

            return(clientData);
        }
Exemple #4
0
 public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
 {
     return(FidoClientData.FromWebSafeBase64(reader.Value.ToString()));
 }
        private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData,
                                         FidoDeviceRegistration deviceRegistration)
        {
            if (appId == null)
            {
                throw new ArgumentNullException("appId");
            }
            if (signatureData == null)
            {
                throw new ArgumentNullException("signatureData");
            }
            if (clientData == null)
            {
                throw new ArgumentNullException("clientData");
            }
            if (deviceRegistration == null)
            {
                throw new ArgumentNullException("deviceRegistration");
            }

            if (String.IsNullOrEmpty(clientData.RawJsonValue))
            {
                throw new InvalidOperationException("Client data has no JSON representation");
            }

            var counterBytes = BitConverter.GetBytes(signatureData.Counter);

            if (BitConverter.IsLittleEndian)
            {
                Array.Reverse(counterBytes);
            }

            var signedBytes = PackBytes(
                Helpers.Sha256(appId.ToString()),
                new [] { signatureData.UserPresence },
                counterBytes,
                Helpers.Sha256(clientData.RawJsonValue));

            VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);

            if (signatureData.UserPresence != UserPresentFlag)
            {
                throw new InvalidOperationException("User presence invalid during authentication");
            }
        }
        private void VerifyResponseSignature(FidoAppId appId, FidoRegistrationData registrationData, FidoClientData clientData)
        {
            if (appId == null)
            {
                throw new ArgumentNullException("appId");
            }
            if (registrationData == null)
            {
                throw new ArgumentNullException("registrationData");
            }
            if (clientData == null)
            {
                throw new ArgumentNullException("clientData");
            }

            if (String.IsNullOrEmpty(clientData.RawJsonValue))
            {
                throw new InvalidOperationException("Client data has no JSON representation");
            }

            var signedBytes = PackBytes(
                new byte[] { 0 },
                Helpers.Sha256(appId.ToString()),
                Helpers.Sha256(clientData.RawJsonValue),
                registrationData.KeyHandle.ToByteArray(),
                registrationData.UserPublicKey.ToByteArray());

            VerifySignature(registrationData.AttestationCertificate, registrationData.Signature, signedBytes);
        }
Exemple #7
0
 public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
 {
     ClientData    = clientData;
     SignatureData = signatureData;
     KeyHandle     = keyHandle;
 }