public bool AuthenticateUser(string userName, string deviceResponse)
{
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
return false;
User user = _userRepository.FindUser(userName);
if (user == null)
return false;
AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson<AuthenticateResponse>(deviceResponse);
var device = user.DeviceRegistrations.FirstOrDefault(f=> f.KeyHandle.SequenceEqual(Utils.Base64StringToByteArray(authenticateResponse.KeyHandle)));
if (device == null || user.AuthenticationRequest == null)
return false;
// User will have a authentication request for each device they have registered so get the one that matches the device key handle
AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First(f => f.KeyHandle.Equals(authenticateResponse.KeyHandle));
DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, Convert.ToUInt32(device.Counter));
StartedAuthentication authentication = new StartedAuthentication(authenticationRequest.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle);
U2F.FinishAuthentication(authentication, authenticateResponse, registration);
_userRepository.RemoveUsersAuthenticationRequests(user.Name);
_userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter);
return true;
}
public bool AuthenticateUser(string userName, string deviceResponse)
{
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
return false;
User user = _userRepository.FindUser(userName);
if (user == null)
return false;
AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson<AuthenticateResponse>(deviceResponse);
var device = user.DeviceRegistrations.FirstOrDefault();
if (device == null || user.AuthenticationRequest == null)
return false;
DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter);
StartedAuthentication authentication = new StartedAuthentication(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId, user.AuthenticationRequest.KeyHandle);
U2F.FinishAuthentication(authentication, authenticateResponse, registration);
_userRepository.RemoveUsersAuthenticationRequest(user.Name);
_userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter);
return true;
}
public void StartedAuthentication_Equals()
{
StartedAuthentication sameStartedAuthentication = new StartedAuthentication(
TestConts.SERVER_CHALLENGE_SIGN_BASE64,
TestConts.APP_ID_ENROLL,
TestConts.KEY_HANDLE_BASE64);
StartedAuthentication startedAuthentication = StartedAuthentication.FromJson<StartedAuthentication>(JsonData);
Assert.IsTrue(startedAuthentication.Equals(sameStartedAuthentication));
}
public void Setup()
{
StartedAuthentication startedAuthentication =
new StartedAuthentication(TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL,
TestConts.KEY_HANDLE_BASE64);
_authenticateResponse = new AuthenticateResponse(TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
TestConts.SIGN_RESPONSE_DATA_BASE64,
TestConts.KEY_HANDLE_BASE64);
clientData = _authenticateResponse.GetClientData();
clientData.CheckContent(AuthenticateTyp, startedAuthentication.Challenge, null);
}
/**
* Finishes a previously started authentication.
*
* @param startedAuthentication
* @param response the response from the token/client.
* @return the new value of the DeviceRegistration's counter.
*/
public static void FinishAuthentication(StartedAuthentication startedAuthentication,
AuthenticateResponse response,
DeviceRegistration deviceRegistration,
HashSet<String> facets = null)
{
ClientData clientData = response.GetClientData();
clientData.CheckContent(AuthenticateTyp, startedAuthentication.Challenge, facets);
RawAuthenticateResponse authenticateResponse = RawAuthenticateResponse.FromBase64(response.SignatureData);
authenticateResponse.CheckSignature(startedAuthentication.AppId, clientData.AsJson(), deviceRegistration.PublicKey);
authenticateResponse.CheckUserPresence();
deviceRegistration.CheckAndUpdateCounter(authenticateResponse.Counter);
}
public void StartedAuthentication_ConstructsProperly()
{
StartedAuthentication startedAuthentication = new StartedAuthentication(
TestConts.SERVER_CHALLENGE_SIGN_BASE64,
TestConts.APP_ID_ENROLL,
TestConts.KEY_HANDLE_BASE64);
Assert.IsNotNull(startedAuthentication);
Assert.IsNotNull(startedAuthentication.Version);
Assert.IsNotNull(startedAuthentication.ToJson());
Assert.IsTrue(startedAuthentication.GetHashCode() != 0);
Assert.AreEqual(TestConts.APP_ID_ENROLL, startedAuthentication.AppId);
Assert.AreEqual(TestConts.KEY_HANDLE_BASE64, startedAuthentication.KeyHandle);
Assert.AreEqual(TestConts.SERVER_CHALLENGE_SIGN_BASE64, startedAuthentication.Challenge);
}
public void U2F_FinishAuthentication()
{
StartedAuthentication startedAuthentication = new StartedAuthentication(
TestConts.SERVER_CHALLENGE_SIGN_BASE64,
TestConts.APP_SIGN_ID,
TestConts.KEY_HANDLE_BASE64);
AuthenticateResponse authenticateResponse = new AuthenticateResponse(
TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
TestConts.SIGN_RESPONSE_DATA_BASE64,
TestConts.KEY_HANDLE_BASE64);
DeviceRegistration deviceRegistration = new DeviceRegistration(TestConts.KEY_HANDLE_BASE64_BYTE, TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX,
Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE), 0);
uint orginalValue = deviceRegistration.Counter;
U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration);
Assert.IsTrue(deviceRegistration.Counter != 0);
Assert.AreNotEqual(orginalValue, deviceRegistration.Counter);
}
public override bool Equals(Object obj)
{
if (this == obj)
{
return(true);
}
if (obj == null)
{
return(false);
}
if (GetType() != obj.GetType())
{
return(false);
}
StartedAuthentication other = (StartedAuthentication)obj;
if (AppId == null)
{
if (other.AppId != null)
{
return(false);
}
}
else if (!AppId.Equals(other.AppId))
{
return(false);
}
if (Challenge == null)
{
if (other.Challenge != null)
{
return(false);
}
}
else if (!Challenge.Equals(other.Challenge))
{
return(false);
}
if (KeyHandle == null)
{
if (other.KeyHandle != null)
{
return(false);
}
}
else if (!KeyHandle.Equals(other.KeyHandle))
{
return(false);
}
if (Version == null)
{
if (other.Version != null)
{
return(false);
}
}
else if (!Version.Equals(other.Version))
{
return(false);
}
return(true);
}
private void CreateResponses()
{
_startedRegistration = new StartedRegistration(TestConts.SERVER_CHALLENGE_REGISTER_BASE64, TestConts.APP_ID_ENROLL);
_registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64,
TestConts.CLIENT_DATA_REGISTER_BASE64);
_deviceRegistration = new DeviceRegistration(
TestConts.KEY_HANDLE_BASE64_BYTE,
TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX,
Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE),
0);
_authenticateResponse = new AuthenticateResponse(
TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
TestConts.SIGN_RESPONSE_DATA_BASE64,
TestConts.KEY_HANDLE_BASE64);
_startedAuthentication = new StartedAuthentication(
TestConts.SERVER_CHALLENGE_SIGN_BASE64,
TestConts.APP_SIGN_ID,
TestConts.KEY_HANDLE_BASE64);
}
