Exemple #1
0
        public bool AuthenticateUser(string userName, string deviceResponse)
        {
            if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
                return false;

            User user = _userRepository.FindUser(userName);
            if (user == null)
                return false;

            AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson<AuthenticateResponse>(deviceResponse);

            var device = user.DeviceRegistrations.FirstOrDefault(f=> f.KeyHandle.SequenceEqual(Utils.Base64StringToByteArray(authenticateResponse.KeyHandle)));

            if (device == null || user.AuthenticationRequest == null)
                return false;

            // User will have a authentication request for each device they have registered so get the one that matches the device key handle
            AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First(f => f.KeyHandle.Equals(authenticateResponse.KeyHandle));
            DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, Convert.ToUInt32(device.Counter));

            StartedAuthentication authentication = new StartedAuthentication(authenticationRequest.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle);

            U2F.FinishAuthentication(authentication, authenticateResponse, registration);

            _userRepository.RemoveUsersAuthenticationRequests(user.Name);
            _userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter);

            return true;
        }
        public bool AuthenticateUser(string userName, string deviceResponse)
        {
            if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
                return false;

            User user = _userRepository.FindUser(userName);
            if (user == null)
                return false;

            AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson<AuthenticateResponse>(deviceResponse);

            var device = user.DeviceRegistrations.FirstOrDefault();

            if (device == null || user.AuthenticationRequest == null)
                return false;

            DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter);

            StartedAuthentication authentication = new StartedAuthentication(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId, user.AuthenticationRequest.KeyHandle);

            U2F.FinishAuthentication(authentication, authenticateResponse, registration);

            _userRepository.RemoveUsersAuthenticationRequest(user.Name);
            _userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter);

            return true;
        }
        public void StartedAuthentication_Equals()
        {
            StartedAuthentication sameStartedAuthentication = new StartedAuthentication(
                TestConts.SERVER_CHALLENGE_SIGN_BASE64,
                TestConts.APP_ID_ENROLL,
                TestConts.KEY_HANDLE_BASE64);
            StartedAuthentication startedAuthentication = StartedAuthentication.FromJson<StartedAuthentication>(JsonData);

            Assert.IsTrue(startedAuthentication.Equals(sameStartedAuthentication));
        }
        public void Setup()
        {
            StartedAuthentication startedAuthentication =
                new StartedAuthentication(TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL,
                                          TestConts.KEY_HANDLE_BASE64);
            _authenticateResponse = new AuthenticateResponse(TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
                                                                                 TestConts.SIGN_RESPONSE_DATA_BASE64,
                                                                                 TestConts.KEY_HANDLE_BASE64);

            clientData = _authenticateResponse.GetClientData();
            clientData.CheckContent(AuthenticateTyp, startedAuthentication.Challenge, null);
        }
Exemple #5
0
        /**
        * Finishes a previously started authentication.
        *
        * @param startedAuthentication
        * @param response the response from the token/client.
        * @return the new value of the DeviceRegistration's counter.
        */
        public static void FinishAuthentication(StartedAuthentication startedAuthentication,
                                                              AuthenticateResponse response,
                                                              DeviceRegistration deviceRegistration,
                                                              HashSet<String> facets = null)
        {
            ClientData clientData = response.GetClientData();
            clientData.CheckContent(AuthenticateTyp, startedAuthentication.Challenge, facets);

            RawAuthenticateResponse authenticateResponse = RawAuthenticateResponse.FromBase64(response.SignatureData);
            authenticateResponse.CheckSignature(startedAuthentication.AppId, clientData.AsJson(), deviceRegistration.PublicKey);
            authenticateResponse.CheckUserPresence();

            deviceRegistration.CheckAndUpdateCounter(authenticateResponse.Counter);
        }
        public void StartedAuthentication_ConstructsProperly()
        {
            StartedAuthentication startedAuthentication = new StartedAuthentication(
                    TestConts.SERVER_CHALLENGE_SIGN_BASE64,
                    TestConts.APP_ID_ENROLL,
                    TestConts.KEY_HANDLE_BASE64);

            Assert.IsNotNull(startedAuthentication);
            Assert.IsNotNull(startedAuthentication.Version);
            Assert.IsNotNull(startedAuthentication.ToJson());
            Assert.IsTrue(startedAuthentication.GetHashCode() != 0);
            Assert.AreEqual(TestConts.APP_ID_ENROLL, startedAuthentication.AppId);
            Assert.AreEqual(TestConts.KEY_HANDLE_BASE64, startedAuthentication.KeyHandle);
            Assert.AreEqual(TestConts.SERVER_CHALLENGE_SIGN_BASE64, startedAuthentication.Challenge);
        }
Exemple #7
0
        public void U2F_FinishAuthentication()
        {
            StartedAuthentication startedAuthentication = new StartedAuthentication(
                TestConts.SERVER_CHALLENGE_SIGN_BASE64,
                TestConts.APP_SIGN_ID,
                TestConts.KEY_HANDLE_BASE64);

            AuthenticateResponse authenticateResponse = new AuthenticateResponse(
                TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
                TestConts.SIGN_RESPONSE_DATA_BASE64,
                TestConts.KEY_HANDLE_BASE64);

            DeviceRegistration deviceRegistration = new DeviceRegistration(TestConts.KEY_HANDLE_BASE64_BYTE, TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX,
                Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE), 0);

            uint orginalValue = deviceRegistration.Counter;

            U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration);

            Assert.IsTrue(deviceRegistration.Counter != 0);
            Assert.AreNotEqual(orginalValue, deviceRegistration.Counter);
        }
        public override bool Equals(Object obj)
        {
            if (this == obj)
            {
                return(true);
            }
            if (obj == null)
            {
                return(false);
            }
            if (GetType() != obj.GetType())
            {
                return(false);
            }
            StartedAuthentication other = (StartedAuthentication)obj;

            if (AppId == null)
            {
                if (other.AppId != null)
                {
                    return(false);
                }
            }
            else if (!AppId.Equals(other.AppId))
            {
                return(false);
            }
            if (Challenge == null)
            {
                if (other.Challenge != null)
                {
                    return(false);
                }
            }
            else if (!Challenge.Equals(other.Challenge))
            {
                return(false);
            }
            if (KeyHandle == null)
            {
                if (other.KeyHandle != null)
                {
                    return(false);
                }
            }
            else if (!KeyHandle.Equals(other.KeyHandle))
            {
                return(false);
            }
            if (Version == null)
            {
                if (other.Version != null)
                {
                    return(false);
                }
            }
            else if (!Version.Equals(other.Version))
            {
                return(false);
            }
            return(true);
        }
        private void CreateResponses()
        {
            _startedRegistration = new StartedRegistration(TestConts.SERVER_CHALLENGE_REGISTER_BASE64, TestConts.APP_ID_ENROLL);

            _registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64,
                                                                     TestConts.CLIENT_DATA_REGISTER_BASE64);

            _deviceRegistration = new DeviceRegistration(
                TestConts.KEY_HANDLE_BASE64_BYTE,
                TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX,
                Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE),
                0);

            _authenticateResponse = new AuthenticateResponse(
                TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
                TestConts.SIGN_RESPONSE_DATA_BASE64,
                TestConts.KEY_HANDLE_BASE64);

            _startedAuthentication = new StartedAuthentication(
                    TestConts.SERVER_CHALLENGE_SIGN_BASE64,
                    TestConts.APP_SIGN_ID,
                    TestConts.KEY_HANDLE_BASE64);
        }