        /// <summary>
        /// Packs the three UI choices into the server-side selection criteria. An empty or null
        /// user-verification level or attachment mode is carried as null rather than "" so an
        /// unset choice is distinguishable from a real value.
        /// </summary>
        /// <param name="userVerificationLevel">User-verification requirement string, may be empty.</param>
        /// <param name="attachmentMode">Authenticator attachment string, may be empty.</param>
        /// <param name="residentKey">Whether a resident (discoverable) key is required.</param>
        /// <returns>A freshly built criteria object; never null.</returns>
        private ServerAuthenticatorSelectionCriteria GetAuthenticatorSelectionCriteria(string userVerificationLevel, string attachmentMode, bool residentKey)
        {
            // string.IsNullOrEmpty matches TextUtils.IsEmpty: null and "" both count as absent.
            string verification = string.IsNullOrEmpty(userVerificationLevel) ? null : userVerificationLevel;
            string attachment   = string.IsNullOrEmpty(attachmentMode) ? null : attachmentMode;

            return new ServerAuthenticatorSelectionCriteria
            {
                UserVerification        = verification,
                AuthenticatorAttachment = attachment,
                IsRequireResidentKey    = residentKey,
            };
        }
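        // RP identity advertised to clients; used for both the display name and the RP ID.
        private const string DemoRpId = "www.huawei.fidodemo";

        /// <summary>
        /// Builds the registration (attestation) options for a client. Attestation conveyance and
        /// authenticator selection are copied from the request; the challenge, RP identity, accepted
        /// algorithms, exclude list and timeout are fixed by the server.
        /// </summary>
        /// <param name="request">Client request; must not be null.</param>
        /// <returns>Options to hand back to the client.</returns>
        /// <exception cref="System.ArgumentNullException">When <paramref name="request"/> is null.</exception>
        ServerPublicKeyCredentialCreationOptionsResponse IFidoServer.GetAttestationOptions(ServerPublicKeyCredentialCreationOptionsRequest request)
        {
            if (request == null)
            {
                throw new System.ArgumentNullException(nameof(request));
            }

            ServerPublicKeyCredentialCreationOptionsResponse response = new ServerPublicKeyCredentialCreationOptionsResponse();

            // NOTE(review): attestation conveyance and authenticator selection (user verification,
            // attachment, resident key) are echoed from the client without validation. Acceptable
            // for a demo, but a production RP must decide these server-side; otherwise the client
            // can lower the policy it is held to (e.g. user verification "discouraged",
            // attestation "none").
            response.Attestation = request.Attestation;
            if (request.AuthenticatorSelection != null)
            {
                response.AuthenticatorSelection = request.AuthenticatorSelection;
            }

            // Fresh challenge per ceremony, Base64-encoded for transport.
            // NOTE(review): replay protection only holds if this value is kept server-side and
            // compared when the attestation result comes back; GetChallege() is not visible
            // here — confirm it does that.
            response.Challenge = ByteUtils.ByteToBase64(GetChallege());

            response.ExcludeCredentials = BuildExcludeCredentials();
            response.PubKeyCredParams   = BuildPubKeyCredParams();

            ServerPublicKeyCredentialRpEntity rpEntity = new ServerPublicKeyCredentialRpEntity();
            rpEntity.Name = DemoRpId;
            response.Rp   = rpEntity;
            response.RpId = DemoRpId;

            // Seconds: the client converter passes this straight to SetTimeoutSeconds.
            response.Timeout = 60L;

            // NOTE(review): the user handle is the username verbatim. WebAuthn intends user.id to
            // be an opaque, server-generated value carrying no PII; it is kept as-is here because
            // the client converter UTF-8 encodes User.Id directly.
            ServerPublicKeyCredentialUserEntity user = new ServerPublicKeyCredentialUserEntity();
            user.Id          = request.Username;
            user.DisplayName = request.DisplayName;
            response.User    = user;
            return response;
        }

        // One descriptor per known registration so an authenticator that already holds a credential
        // is not registered a second time. A null registry yields an empty array.
        // NOTE(review): regInfos is iterated in full — confirm it is scoped to the requesting user,
        // otherwise every registered credential ID is disclosed to any caller.
        private ServerPublicKeyCredentialDescriptor[] BuildExcludeCredentials()
        {
            List<ServerPublicKeyCredentialDescriptor> exclude = new List<ServerPublicKeyCredentialDescriptor>();
            if (regInfos != null)
            {
                foreach (ServerRegInfo info in regInfos)
                {
                    ServerPublicKeyCredentialDescriptor desc = new ServerPublicKeyCredentialDescriptor();
                    desc.Id   = info.CredentialId;
                    desc.Type = "public-key";
                    exclude.Add(desc);
                }
            }
            return exclude.ToArray();
        }

        // Algorithms the server accepts, as COSE algorithm identifiers: -7 (ES256) is listed
        // before -257 (RS256); identifiers per the IANA COSE registry.
        private static ServerPublicKeyCredentialParameters[] BuildPubKeyCredParams()
        {
            ServerPublicKeyCredentialParameters es256 = new ServerPublicKeyCredentialParameters();
            es256.Alg  = -7;
            es256.Type = "public-key";

            ServerPublicKeyCredentialParameters rs256 = new ServerPublicKeyCredentialParameters();
            rs256.Alg  = -257;
            rs256.Type = "public-key";

            return new ServerPublicKeyCredentialParameters[] { es256, rs256 };
        }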
        /// <summary>
        /// Collects the registration request from the UI: the username (also used as display name),
        /// the authenticator selection from the three spinners, and the attestation preference.
        /// </summary>
        /// <returns>The request, or null when no username is set.</returns>
        private ServerPublicKeyCredentialCreationOptionsRequest GetRegServerPublicKeyCredentialCreationOptionsRequest()
        {
            string userName = UserName;
            if (userName == null)
            {
                return null;
            }

            string userVerificationChoice = GetSpinnerSelect(userVerificationSp.SelectedItem);
            string attachmentChoice       = GetSpinnerSelect(attachmentSp.SelectedItem);

            // Only the literal (ordinal) "true" enables resident keys; empty, "false", a null
            // selection or any other value leaves them disabled.
            bool residentKey = false;
            if (residentKeySp.SelectedItem != null)
            {
                residentKey = GetSpinnerSelect(residentKeySp.SelectedItem) == "true";
            }

            string attestationChoice = GetSpinnerSelect(attestationSp.SelectedItem);

            ServerPublicKeyCredentialCreationOptionsRequest request = new ServerPublicKeyCredentialCreationOptionsRequest();
            request.Username               = userName;
            request.DisplayName            = userName;
            request.AuthenticatorSelection = GetAuthenticatorSelectionCriteria(userVerificationChoice, attachmentChoice, residentKey);
            request.Attestation            = attestationChoice;
            return request;
        }
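        /// <summary>
        /// Converts the server's registration options into the Fido2 SDK's
        /// <see cref="PublicKeyCredentialCreationOptions"/>. Individual values the SDK refuses to
        /// parse (algorithm, transport, attachment, user verification, attestation) are logged and
        /// dropped instead of failing the whole conversion.
        /// </summary>
        /// <param name="fido2Client">Client handed to the platform-authenticator extension setup.</param>
        /// <param name="response">Server options; must not be null and must carry Rp, User and Challenge.</param>
        /// <returns>The built SDK options.</returns>
        /// <exception cref="System.ArgumentNullException">When <paramref name="response"/> is null.</exception>
        public static PublicKeyCredentialCreationOptions ConvertToPublicKeyCredentialCreationOptions(IFido2Client fido2Client,
                                                                                                     ServerPublicKeyCredentialCreationOptionsResponse response)
        {
            if (response == null)
            {
                throw new System.ArgumentNullException(nameof(response));
            }

            PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();

            // RP entity. The server sends Rp.Name and a separate RpId; the id is what the credential
            // is scoped to, so use RpId when present instead of reusing the display name for both.
            // NOTE(review): assumes the SDK constructor argument order is (id, name, icon) — confirm.
            string rpName = response.Rp.Name;
            string rpId   = string.IsNullOrEmpty(response.RpId) ? rpName : response.RpId;
            builder.SetRp(new PublicKeyCredentialRpEntity(rpId, rpName, null));

            // User handle is the UTF-8 encoding of User.Id exactly as the server supplied it.
            // System.Text.Encoding does not throw Java's UnsupportedEncodingException, so no catch.
            // NOTE(review): WebAuthn intends user.id to be an opaque, non-PII server-generated value;
            // that is the server's call — the client only encodes what it receives.
            string userId = response.User.Id;
            builder.SetUser(new PublicKeyCredentialUserEntity(userId, System.Text.Encoding.UTF8.GetBytes(userId)));

            builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge));

            if (response.PubKeyCredParams != null)
            {
                builder.SetPubKeyCredParams(ToSdkPubKeyCredParams(response.PubKeyCredParams));
            }

            if (response.ExcludeCredentials != null)
            {
                builder.SetExcludeList(ToSdkExcludeList(response.ExcludeCredentials));
            }

            Attachment attachment = null;
            if (response.AuthenticatorSelection != null)
            {
                ServerAuthenticatorSelectionCriteria criteria = response.AuthenticatorSelection;
                attachment = ParseAttachmentOrNull(criteria.AuthenticatorAttachment);
                UserVerificationRequirement requirement = ParseUserVerificationOrNull(criteria.UserVerification);
                builder.SetAuthenticatorSelection(
                    new AuthenticatorSelectionCriteria(attachment, (Java.Lang.Boolean)criteria.IsRequireResidentKey, requirement));
            }

            if (response.Attestation != null)
            {
                try
                {
                    builder.SetAttestation(AttestationConveyancePreference.FromValue(response.Attestation));
                }
                catch (System.Exception e)
                {
                    Log.Error(Tag, e.Message, e);
                }
            }

            Dictionary<string, Java.Lang.Object> extensions = new Dictionary<string, Java.Lang.Object>();
            if (response.Extensions != null)
            {
                extensions.AddRangeOverride(response.Extensions);
            }

            // Platform-authenticator extensions are only added when the server asked for a
            // platform authenticator.
            if (Attachment.Platform.Equals(attachment))
            {
                UseSelectedPlatformAuthenticator(fido2Client, extensions);
            }
            builder.SetExtensions(extensions);
            builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout);
            return builder.Build();
        }

        // Maps server-advertised algorithm codes to SDK parameters; a code the SDK does not know is
        // logged and skipped so one unsupported entry does not abort the registration.
        private static List<PublicKeyCredentialParameters> ToSdkPubKeyCredParams(ServerPublicKeyCredentialParameters[] serverParams)
        {
            List<PublicKeyCredentialParameters> parameters = new List<PublicKeyCredentialParameters>();
            foreach (ServerPublicKeyCredentialParameters param in serverParams)
            {
                try
                {
                    parameters.Add(new PublicKeyCredentialParameters(PublicKeyCredentialType.PublicKey, Algorithm.FromCode(param.Alg)));
                }
                catch (System.Exception e)
                {
                    Log.Error(Tag, e.Message, e);
                }
            }
            return parameters;
        }

        // Builds the SDK exclude list. If the SDK cannot parse a descriptor's transport value the
        // descriptor is still added with an empty transport list, so the credential stays excluded.
        private static List<PublicKeyCredentialDescriptor> ToSdkExcludeList(ServerPublicKeyCredentialDescriptor[] serverDescriptors)
        {
            List<PublicKeyCredentialDescriptor> descriptors = new List<PublicKeyCredentialDescriptor>();
            foreach (ServerPublicKeyCredentialDescriptor desc in serverDescriptors)
            {
                List<AuthenticatorTransport> transports = new List<AuthenticatorTransport>();
                if (desc.Transports != null)
                {
                    try
                    {
                        transports.Add(AuthenticatorTransport.FromValue(desc.Transports));
                    }
                    catch (System.Exception e)
                    {
                        Log.Error(Tag, e.Message, e);
                    }
                }
                descriptors.Add(new PublicKeyCredentialDescriptor(
                    PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(desc.Id), transports));
            }
            return descriptors;
        }

        // Null when the server sent no attachment or the SDK rejects the value (logged).
        private static Attachment ParseAttachmentOrNull(string value)
        {
            if (value == null)
            {
                return null;
            }
            try
            {
                return Attachment.FromValue(value);
            }
            catch (System.Exception e)
            {
                Log.Error(Tag, e.Message, e);
                return null;
            }
        }

        // Null when the server sent no user-verification requirement or the SDK rejects it (logged).
        private static UserVerificationRequirement ParseUserVerificationOrNull(string value)
        {
            if (value == null)
            {
                return null;
            }
            try
            {
                return UserVerificationRequirement.FromValue(value);
            }
            catch (System.Exception e)
            {
                Log.Error(Tag, e.Message, e);
                return null;
            }
        }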