public void SerializeObject()
{
var fidoAppId = new FidoAppId("http://example.com");
var serialized = JsonConvert.SerializeObject(fidoAppId);
Assert.AreEqual("\"http://example.com\"", serialized);
}
private void VerifyResponseSignature(FidoAppId appId, FidoRegistrationData registrationData, FidoClientData clientData)
{
if (appId == null)
{
throw new ArgumentNullException("appId");
}
if (registrationData == null)
{
throw new ArgumentNullException("registrationData");
}
if (clientData == null)
{
throw new ArgumentNullException("clientData");
}
if (String.IsNullOrEmpty(clientData.RawJsonValue))
{
throw new InvalidOperationException("Client data has no JSON representation");
}
var signedBytes = PackBytes(
new byte[] { 0 },
Helpers.Sha256(appId.ToString()),
Helpers.Sha256(clientData.RawJsonValue),
registrationData.KeyHandle.ToByteArray(),
registrationData.UserPublicKey.ToByteArray());
VerifySignature(registrationData.AttestationCertificate, registrationData.Signature, signedBytes);
}
public FidoStartedRegistration StartRegistration(FidoAppId appId)
{
var challengeBytes = _generateFidoChallenge.GenerateChallenge();
var challenge = WebSafeBase64Converter.ToBase64String(challengeBytes);
return(new FidoStartedRegistration(appId, challenge));
}
public ActionResult Login(string keyHandle)
{
var model = new LoginDeviceViewModel {
KeyHandle = keyHandle
};
try
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + keyHandle);
return(View(model));
}
var startedRegistration = u2f.StartAuthentication(appId, deviceRegistration);
model = new LoginDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
KeyHandle = startedRegistration.KeyHandle.ToWebSafeBase64(),
UserName = GetCurrentUser()
};
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return(View(model));
}
public ActionResult Login(string keyHandle)
{
var model = new LoginDeviceViewModel { KeyHandle = keyHandle };
try
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + keyHandle);
return View(model);
}
var startedRegistration = u2f.StartAuthentication(appId, deviceRegistration);
model = new LoginDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
KeyHandle = startedRegistration.KeyHandle.ToWebSafeBase64(),
UserName = GetCurrentUser()
};
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return View(model);
}
public void SerializeObject()
{
var fidoAppId = new FidoAppId("http://example.com");
var serialized = JsonConvert.SerializeObject(fidoAppId);
Assert.AreEqual("\"http://example.com\"", serialized);
}
public FidoStartedRegistration(FidoAppId appId, string challenge)
{
if (appId == null) throw new ArgumentNullException("appId");
if (challenge == null) throw new ArgumentNullException("challenge");
AppId = appId;
Challenge = challenge;
}
public FidoStartedAuthentication(FidoAppId appId, string challenge, FidoKeyHandle keyHandle)
{
if (appId == null) throw new ArgumentNullException("appId");
if (challenge == null) throw new ArgumentNullException("challenge");
if (keyHandle == null) throw new ArgumentNullException("keyHandle");
AppId = appId;
Challenge = challenge;
KeyHandle = keyHandle;
}
public ActionResult TESTREG()
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var startedRegistration = u2f.StartRegistration(appId);
GetFidoRepository().StoreStartedRegistration(GetCurrentUser(), startedRegistration);
var model = new RegisterNewDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
UserName = GetCurrentUser()
};
return(View(model));
}
public FidoStartedAuthentication StartAuthentication(FidoAppId appId, FidoDeviceRegistration deviceRegistration)
{
if (appId == null)
{
throw new ArgumentNullException("appId");
}
if (deviceRegistration == null)
{
throw new ArgumentNullException("deviceRegistration");
}
var challenge = _generateFidoChallenge.GenerateChallenge();
return(new FidoStartedAuthentication(appId,
WebSafeBase64Converter.ToBase64String(challenge),
deviceRegistration.KeyHandle));
}
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData,
FidoDeviceRegistration deviceRegistration)
{
if (appId == null)
{
throw new ArgumentNullException("appId");
}
if (signatureData == null)
{
throw new ArgumentNullException("signatureData");
}
if (clientData == null)
{
throw new ArgumentNullException("clientData");
}
if (deviceRegistration == null)
{
throw new ArgumentNullException("deviceRegistration");
}
if (String.IsNullOrEmpty(clientData.RawJsonValue))
{
throw new InvalidOperationException("Client data has no JSON representation");
}
var counterBytes = BitConverter.GetBytes(signatureData.Counter);
if (BitConverter.IsLittleEndian)
{
Array.Reverse(counterBytes);
}
var signedBytes = PackBytes(
Helpers.Sha256(appId.ToString()),
new [] { signatureData.UserPresence },
counterBytes,
Helpers.Sha256(clientData.RawJsonValue));
VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);
if (signatureData.UserPresence != UserPresentFlag)
{
throw new InvalidOperationException("User presence invalid during authentication");
}
}
public ActionResult Register(NewUserViewModel newUserModel)
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var startedRegistration = u2f.StartRegistration(appId);
GetFidoRepository().StoreStartedRegistration(newUserModel.UserName, startedRegistration);
var model = new RegisterNewDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
UserName = newUserModel.UserName,
Email = newUserModel.Email
};
return(View(model));
}
public ActionResult Login(LoginDeviceViewModel model)
{
model = model ?? new LoginDeviceViewModel();
try
{
if (!String.IsNullOrEmpty(model.RawAuthenticationResponse))
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
return(View(new LoginDeviceViewModel()));
}
var challenge = model.Challenge;
var startedAuthentication = new FidoStartedAuthentication(appId, challenge,
FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));
var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains());
// save the counter somewhere, the device registration of the next authentication should use this updated counter
//deviceRegistration.Counter = counter;
return(RedirectToAction("LoginSuccess"));
}
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return(View(model));
}
public override void OnActionExecuting(ActionExecutingContext context)
{
AppId = new FidoAppId(string.Format("{0}://{1}", Request.Scheme, Request.Host));
base.OnActionExecuting(context);
}
public FidoStartedAuthentication StartAuthentication(FidoAppId appId, FidoDeviceRegistration deviceRegistration)
{
if (appId == null) throw new ArgumentNullException("appId");
if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration");
var challenge = _generateFidoChallenge.GenerateChallenge();
return new FidoStartedAuthentication(appId,
WebSafeBase64Converter.ToBase64String(challenge),
deviceRegistration.KeyHandle);
}
public FidoStartedRegistration StartRegistration(FidoAppId appId)
{
var challengeBytes = _generateFidoChallenge.GenerateChallenge();
var challenge = WebSafeBase64Converter.ToBase64String(challengeBytes);
return new FidoStartedRegistration(appId, challenge);
}
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData,
FidoDeviceRegistration deviceRegistration)
{
if (appId == null) throw new ArgumentNullException("appId");
if (signatureData == null) throw new ArgumentNullException("signatureData");
if (clientData == null) throw new ArgumentNullException("clientData");
if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration");
if (String.IsNullOrEmpty(clientData.RawJsonValue))
throw new InvalidOperationException("Client data has no JSON representation");
var counterBytes = BitConverter.GetBytes(signatureData.Counter);
if (BitConverter.IsLittleEndian)
Array.Reverse(counterBytes);
var signedBytes = PackBytes(
Helpers.Sha256(appId.ToString()),
new [] { signatureData.UserPresence },
counterBytes,
Helpers.Sha256(clientData.RawJsonValue));
VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);
if (signatureData.UserPresence != UserPresentFlag)
throw new InvalidOperationException("User presence invalid during authentication");
}
private void VerifyResponseSignature(FidoAppId appId, FidoRegistrationData registrationData, FidoClientData clientData)
{
if (appId == null) throw new ArgumentNullException("appId");
if (registrationData == null) throw new ArgumentNullException("registrationData");
if (clientData == null) throw new ArgumentNullException("clientData");
if (String.IsNullOrEmpty(clientData.RawJsonValue))
throw new InvalidOperationException("Client data has no JSON representation");
var signedBytes = PackBytes(
new byte[] { 0 },
Helpers.Sha256(appId.ToString()),
Helpers.Sha256(clientData.RawJsonValue),
registrationData.KeyHandle.ToByteArray(),
registrationData.UserPublicKey.ToByteArray());
VerifySignature(registrationData.AttestationCertificate, registrationData.Signature, signedBytes);
}
public ActionResult Login(LoginDeviceViewModel model)
{
model = model ?? new LoginDeviceViewModel();
try
{
if (!String.IsNullOrEmpty(model.RawAuthenticationResponse))
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
if (deviceRegistration == null)
{
ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
return View(new LoginDeviceViewModel());
}
var challenge = model.Challenge;
var startedAuthentication = new FidoStartedAuthentication(appId, challenge,
FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));
var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains());
// save the counter somewhere, the device registration of the next authentication should use this updated counter
deviceRegistration.Counter = counter;
return RedirectToAction("LoginSuccess");
}
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
}
return View(model);
}
public ActionResult Register()
{
var u2f = new FidoUniversalTwoFactor();
var appId = new FidoAppId(Request.Url);
var startedRegistration = u2f.StartRegistration(appId);
GetFidoRepository().StoreStartedRegistration(GetCurrentUser(), startedRegistration);
var model = new RegisterNewDeviceViewModel
{
AppId = startedRegistration.AppId.ToString(),
Challenge = startedRegistration.Challenge,
UserName = GetCurrentUser()
};
return View(model);
}
