Esempio n. 1
 /// <summary>
 /// Creates a credential record from its identifier, public key and timestamps.
 /// </summary>
 /// <param name="id">Credential identifier, stored as given.</param>
 /// <param name="publicKey">Public key associated with the credential, stored as given.</param>
 /// <param name="transports">Transport names; copied into an immutable list, or left null when null is passed.</param>
 /// <param name="created">Creation timestamp.</param>
 /// <param name="validated">Validation timestamp; falls back to <paramref name="created"/> when omitted.</param>
 public GangUserCredential(
     string id,
     GangPublicKey publicKey,
     IEnumerable<string> transports,
     DateTimeOffset created,
     DateTimeOffset? validated = null)
 {
     // NOTE(review): id and publicKey are stored without a null check; presumably callers validate them - confirm.
     Id = id;
     PublicKey = publicKey;
     Created = created;

     // Snapshot the sequence so later changes to the caller's collection cannot alter the stored credential.
     Transports = transports is null ? null : transports.ToImmutableList();

     // With no explicit validation time, the creation time is used.
     Validated = validated.HasValue ? validated.Value : created;
 }
Esempio n. 2
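        /// <summary>
        /// Verifies <paramref name="signature"/> over <paramref name="data"/> with the verifier
        /// registered for the key's type and algorithm.
        /// </summary>
        /// <param name="publicKey">Key whose KeyType, Algorithm and Parameters select and configure the verifier.</param>
        /// <param name="data">The signed bytes.</param>
        /// <param name="signature">The signature to check.</param>
        /// <returns>The result of the selected verifier's <c>Verify</c> call.</returns>
        /// <exception cref="NotSupportedException">
        /// No verifier is registered for the key type / algorithm pair.
        /// </exception>
        bool IGangCryptoService.VerifySignature(
            GangPublicKey publicKey,
            ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature)
        {
            var verifierKey = Tuple.Create(publicKey.KeyType, publicKey.Algorithm);

            // One lookup instead of ContainsKey + indexer. An unknown key type / algorithm pair
            // is rejected with an exception and never reaches a verifier.
            if (!_verifiers.TryGetValue(verifierKey, out var verifier))
            {
                throw new NotSupportedException($"KeyType {publicKey.KeyType} / algorithm {publicKey.Algorithm} combination is not supported");
            }

            var parameters = new GangCryptoParameters(this, publicKey.Parameters);

            return verifier.Verify(parameters, data, signature);
        }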
Esempio n. 3
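        /// <summary>
        /// Checks that <paramref name="signatureData"/> is a valid signature by
        /// <paramref name="publicKey"/> over the authenticator data followed by the
        /// SHA-256 hash of the client data.
        /// </summary>
        /// <param name="publicKey">Public key of the credential being validated.</param>
        /// <param name="clientData">Base64url-encoded client data; only its hash is used here.</param>
        /// <param name="authenticatorData">Base64url-encoded authenticator data, included in the signed bytes as-is.</param>
        /// <param name="signatureData">Base64url-encoded signature.</param>
        /// <returns>The result of the crypto service's <c>VerifySignature</c> call.</returns>
        /// <remarks>
        /// Only the signature is checked. The RP ID hash, flags and signature counter inside the
        /// authenticator data are not parsed or enforced, and the contents of the client data are
        /// not inspected. NOTE(review): presumably those checks happen in the caller - confirm,
        /// because a valid signature alone does not bind the response to a particular request.
        /// </remarks>
        bool ValidateCredential(
            GangPublicKey publicKey,
            string clientData,
            string authenticatorData,
            string signatureData
            )
        {
            var authenticatorBytes = GangSerialization
                                     .Base64UrlToBytes(authenticatorData);

            // The fields below are kept as a layout reference only; none of them is evaluated.

            // RP ID Hash
            //var rpIdHash = authenticatorBytes[..32];

            // Flags
            //var flags = new BitArray(authenticatorBytes[32..33].ToArray());
            //var userPresent = flags[0];
            //var userVerified = flags[2];
            //var attestedCredentialData = flags[6];
            //var extensionDataIncluded = flags[7];

            // Signature counter
            //var counterBuf = authenticatorBytes[33..37].ToArray();
            //var counter = BitConverter.ToUInt32(counterBuf);

            var signature = GangSerialization.Base64UrlToBytes(signatureData);

            // SHA256.Create() replaces the obsolete SHA256Managed type; the digest is the same.
            using var hasher = SHA256.Create();

            var clientDataHash = hasher.ComputeHash(
                GangSerialization.Base64UrlToBytes(clientData).ToArray()
                );

            // Signed message = authenticator data || SHA-256(client data).
            var signedData = new byte[authenticatorBytes.Length + clientDataHash.Length];

            authenticatorBytes.CopyTo(signedData);
            clientDataHash.CopyTo(signedData, authenticatorBytes.Length);

            return _crypto.VerifySignature(
                publicKey,
                signedData, signature
                );
        }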