/// <summary>
/// Loads the "none" attestation fixture pair, parses the response and runs full verification.
/// There is no explicit assertion: the test passes when <c>VerifyAsync</c> completes without throwing.
/// The credential-id uniqueness callback unconditionally answers "unique".
/// </summary>
public async Task TestNoneAttestationAsync()
{
    string responseJson = File.ReadAllText("./attestationResultsNone.json");
    var rawResponse = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(responseJson);

    string optionsJson = File.ReadAllText("./attestationOptionsNone.json");
    var createOptions = JsonConvert.DeserializeObject<CredentialCreateOptions>(optionsJson);

    var attestation = AuthenticatorAttestationResponse.Parse(rawResponse);
    await attestation.VerifyAsync(
        createOptions,
        "https://localhost:44329",
        _ => Task.FromResult(true),
        MetadataService,
        null);
}
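/// <summary>
/// Registers the "none" attestation fixture, then loads the matching assertion fixtures.
/// Only the registration half is actually verified; the assertion half is loaded but never
/// verified (see the TODO at the end), so the test passes as soon as the registration
/// <c>VerifyAsync</c> does not throw.
/// </summary>
public async Task TestFido2AssertionAsync()
{
    // Registration: parse the attestation response and verify it against the stored options.
    var options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./AttestationNoneOptions.json"));
    var response = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./AttestationNoneResponse.json"));
    var o = AuthenticatorAttestationResponse.Parse(response);
    await o.VerifyAsync(options, "https://localhost:44329", (x) => Task.FromResult(true), MetadataService, null);

    // Dash-separated hex credential id; presumably the credential registered above — confirm
    // against the fixture. It is the only descriptor the assertion step should accept.
    var credId = "F1-3C-7F-08-3C-A2-29-E0-B4-03-E8-87-34-6E-FC-7F-98-53-10-3A-30-91-75-67-39-7A-D1-D8-AF-87-04-61-87-EF-95-31-85-60-F3-5A-1A-2A-CF-7D-B0-1D-06-B9-69-F9-AB-F4-EC-F3-07-3E-CF-0F-71-E8-84-E8-41-20";
    var allowedCreds = new List<PublicKeyCredentialDescriptor>
    {
        new PublicKeyCredentialDescriptor
        {
            Id = StringToByteArray(credId),
            Type = PublicKeyCredentialType.PublicKey,
        },
    };

    // Assertion fixtures. Discarded on purpose: the assertion is not verified yet, but keeping
    // the reads makes a missing fixture file fail this test as it did before.
    _ = Get<AssertionOptions>("./assertionNoneOptions.json");
    _ = Get<AuthenticatorAssertionRawResponse>("./assertionNoneResponse.json");

    // TODO: verify the assertion response against allowedCreds and the public key produced by
    // the registration above, then assert on the result. Until then this test only covers registration.
}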
/// <summary>
/// Loads the "none" attestation fixture pair, parses the response and verifies it using the
/// shared <c>_config</c>, <c>_expectedOrigin</c> and <c>_metadataService</c>.
/// No explicit assertion: the test passes when <c>VerifyAsync</c> completes without throwing.
/// </summary>
public async Task TestNoneAttestationAsync()
{
    string responseJson = File.ReadAllText("./attestationResultsNone.json");
    var rawResponse = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(responseJson);

    string optionsJson = File.ReadAllText("./attestationOptionsNone.json");
    var createOptions = JsonConvert.DeserializeObject<CredentialCreateOptions>(optionsJson);

    var attestation = AuthenticatorAttestationResponse.Parse(rawResponse);
    await attestation.VerifyAsync(
        _config,
        createOptions,
        _expectedOrigin,
        _ => Task.FromResult(true),
        _metadataService,
        null);
}
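/// <summary>
/// Verifies the packed-attestation (P-512) fixture against its creation options and then
/// asserts that the verified attestation object carries authenticator data.
/// Previously the authenticator data was read into an unused local, so nothing was checked.
/// </summary>
public async Task TaskPackedAttestation512()
{
    var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsPacked512.json"));
    var options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsPacked512.json"));

    var o = AuthenticatorAttestationResponse.Parse(jsonPost);
    // Metadata service is null here — presumably attestation trust is not checked against
    // MDS in this test; confirm against VerifyAsync's handling of a null service.
    await o.VerifyAsync(options, "https://localhost:44329", (x) => Task.FromResult(true), null, null);

    Assert.NotNull(o.AttestationObject.AuthData);
}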
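/// <summary>
/// Verifies the android-key attestation fixture against its creation options and asserts
/// that the verified attestation object carries authenticator data.
/// Previously the authenticator data was read into an unused local, so nothing was checked.
/// </summary>
public async Task TestAndroidKeyAttestationAsync()
{
    var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationAndroidKeyResponse.json"));
    var options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationAndroidKeyOptions.json"));

    var o = AuthenticatorAttestationResponse.Parse(jsonPost);
    await o.VerifyAsync(options, config, (x) => Task.FromResult(true), MetadataService, null);

    Assert.NotNull(o.AttestationObject.AuthData);
}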
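/// <summary>
/// Verifies the packed-attestation (P-512) fixture against its creation options using the
/// shared <c>_config</c> and <c>_metadataService</c>, then asserts that the verified
/// attestation object carries authenticator data. This replaces the unused <c>ad</c> local
/// that the old TODO questioned.
/// </summary>
public async Task TaskPackedAttestation512()
{
    var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsPacked512.json"));
    var options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsPacked512.json"));

    var o = AuthenticatorAttestationResponse.Parse(jsonPost);
    await o.VerifyAsync(options, _config, (x) => Task.FromResult(true), _metadataService, null);

    Assert.NotNull(o.AttestationObject.AuthData);
}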
/// <summary>
/// Deserializes a raw attestation response and its creation options from the json1/options1
/// fixtures, asserts the response deserialized to a non-null object, then parses and verifies it
/// with the shared <c>_config</c> and <c>_metadataService</c>.
/// </summary>
public async Task TestParsingAsync()
{
    AuthenticatorAttestationRawResponse rawResponse =
        JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./json1.json"));
    CredentialCreateOptions createOptions =
        JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./options1.json"));

    Assert.NotNull(rawResponse);

    var attestation = AuthenticatorAttestationResponse.Parse(rawResponse);
    await attestation.VerifyAsync(createOptions, _config, _ => Task.FromResult(true), _metadataService, null);
}
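/// <summary>
/// Verifies the TPM (SHA-256) attestation fixture against its creation options using the shared
/// <c>_config</c>, <c>_expectedOrigin</c> and <c>_metadataService</c>, then asserts that the
/// verified attestation object carries authenticator data. This replaces the unused <c>ad</c>
/// local that the old TODO questioned.
/// </summary>
public async Task TestTPMSHA256AttestationAsync()
{
    var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationTPMSHA256Response.json"));
    var options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationTPMSHA256Options.json"));

    var o = AuthenticatorAttestationResponse.Parse(jsonPost);
    await o.VerifyAsync(_config, options, _expectedOrigin, (x) => Task.FromResult(true), _metadataService, null);

    Assert.NotNull(o.AttestationObject.AuthData);
}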
/// <summary>
/// A response whose attestation object is missing must be rejected by
/// <see cref="AuthenticatorAttestationResponse.Parse"/> with the "Missing AttestationObject" message.
/// </summary>
/// <param name="value">Theory data used as the attestation object; expected to be a "missing" value.</param>
public void TestAuthenticatorAttestationReponseAttestationObjectNull(byte[] value)
{
    var raw = new AuthenticatorAttestationRawResponse
    {
        Response = new AuthenticatorAttestationRawResponse.ResponseData { AttestationObject = value },
    };

    Fido2VerificationException thrown = Assert.Throws<Fido2VerificationException>(
        () => AuthenticatorAttestationResponse.Parse(raw));

    Assert.Equal("Missing AttestationObject", thrown.Message);
}
/// <summary>
/// A raw response with a null <c>Response</c> member must be rejected by
/// <see cref="AuthenticatorAttestationResponse.Parse"/> with the "Expected rawResponse, got null" message,
/// even when type, id and raw id are populated.
/// </summary>
public void TestAuthenticatorAttestationResponseNull()
{
    byte[] credentialId = { 0xf1, 0xd0 };
    var raw = new AuthenticatorAttestationRawResponse
    {
        Type = PublicKeyCredentialType.PublicKey,
        Id = credentialId,
        RawId = new byte[] { 0xf1, 0xd0 },
        Response = null,
    };

    Fido2VerificationException thrown = Assert.Throws<Fido2VerificationException>(
        () => AuthenticatorAttestationResponse.Parse(raw));

    Assert.Equal("Expected rawResponse, got null", thrown.Message);
}
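/// <summary>
/// Verifies the Apple attestation fixture against its creation options using a test-local
/// configuration, then asserts that the verified attestation object carries authenticator data.
/// This replaces the unused <c>ad</c> local that the old TODO questioned.
/// </summary>
public async Task TestAppleAttestationAsync()
{
    var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationAppleResponse.json"));
    var options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationAppleOptions.json"));

    var o = AuthenticatorAttestationResponse.Parse(jsonPost);

    // This fixture uses its own origin rather than the shared _config one; presumably it is
    // the origin embedded in the fixture's clientDataJSON — confirm if the fixture is regenerated.
    var config = new Fido2Configuration { Origin = "https://6cc3c9e7967a.ngrok.io" };
    await o.VerifyAsync(options, config, (x) => Task.FromResult(true), _metadataService, null);

    Assert.NotNull(o.AttestationObject.AuthData);
}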
/// <summary>
/// Verifies the packed attestation fixture, then checks that authenticator data and attested
/// credential data both survive a parse → serialize round trip byte for byte.
/// </summary>
public async Task TestPackedAttestationAsync()
{
    var rawResponse = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsPacked.json"));
    var createOptions = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsPacked.json"));

    var attestation = AuthenticatorAttestationResponse.Parse(rawResponse);
    await attestation.VerifyAsync(createOptions, _config, _ => Task.FromResult(true), _metadataService, null);

    // Round trip 1: AuthenticatorData parsed from the raw bytes serializes back to the same bytes.
    byte[] authDataBytes = attestation.AttestationObject.AuthData;
    var parsedAuthData = new AuthenticatorData(authDataBytes);
    Assert.True(parsedAuthData.ToByteArray().SequenceEqual(authDataBytes));

    // Round trip 2: the same property for the embedded attested credential data.
    byte[] credDataBytes = parsedAuthData.AttestedCredentialData.ToByteArray();
    var parsedCredData = new AttestedCredentialData(credDataBytes);
    Assert.True(parsedCredData.ToByteArray().SequenceEqual(credDataBytes));
}
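/// <summary>
/// A malformed attestation object must surface as <see cref="Fido2VerificationException"/>
/// with message "AttestationObject invalid CBOR", wrapping the CBOR reader's own error as the
/// inner exception.
/// </summary>
/// <param name="value">Theory data: CBOR whose declared definite length exceeds the buffer.</param>
public void TestAuthenticatorAttestationObjectBadCBOR(byte[] value)
{
    var rawResponse = new AuthenticatorAttestationRawResponse
    {
        Response = new AuthenticatorAttestationRawResponse.ResponseData { AttestationObject = value },
    };

    var ex = Assert.Throws<Fido2VerificationException>(() => AuthenticatorAttestationResponse.Parse(rawResponse));
    Assert.Equal("AttestationObject invalid CBOR", ex.Message);

    // Assert the inner exception's type instead of casting it: a missing or differently typed
    // inner exception now fails with an assertion message rather than an
    // InvalidCastException / NullReferenceException on the line below.
    var innerEx = Assert.IsType<CborContentException>(ex.InnerException);
    Assert.Equal("Declared definite length of CBOR data item exceeds available buffer size.", innerEx.Message);
}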
/// <summary>
/// Passing a null raw response to <see cref="AuthenticatorAttestationResponse.Parse"/> must throw
/// <see cref="Fido2VerificationException"/> with the "Expected rawResponse, got null" message.
/// </summary>
public void TestAuthenticatorAttestationRawResponseNull()
{
    Fido2VerificationException thrown = Assert.Throws<Fido2VerificationException>(
        () => AuthenticatorAttestationResponse.Parse(null));

    Assert.Equal("Expected rawResponse, got null", thrown.Message);
}
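/// <summary>
/// Completes a WebAuthn registration: verifies the authenticator's attestation response against
/// the creation options the options endpoint stored in session, then persists the new credential
/// and turns two-factor on for the signed-in user.
/// </summary>
/// <param name="model">Raw attestation response posted by the browser.</param>
/// <returns>
/// JSON <c>{ success: true }</c> on success, JSON <c>{ error: true }</c> when any verification or
/// persistence step throws, or a redirect to Home when there is no "sub" claim or no matching user.
/// </returns>
public async Task<IActionResult> RegisterCallback([FromBody] AuthenticatorAttestationRawResponse model)
{
    var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
    if (string.IsNullOrEmpty(sub))
    {
        return RedirectToAction("Index", "Home");
    }

    var user = await _users.FindByIdAsync(sub);
    if (user == null)
    {
        return RedirectToAction("Index", "Home");
    }

    try
    {
        // 1. Recover the options (including the challenge) we sent the client, then drop them
        //    from the session so the same challenge cannot be presented to this callback twice.
        var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
        HttpContext.Session.Remove("fido2.attestationOptions");
        var options = CredentialCreateOptions.FromJson(jsonOptions);
        var authenticatorName = HttpContext.Session.GetString("fido2.attestationOptions.authenticatorType");

        // 2. Callback so the library can reject a credential id that is already registered
        //    to any account (not only this user).
        IsCredentialIdUniqueToUserAsyncDelegate callback = async (IsCredentialIdUniqueToUserParams args) =>
        {
            bool alreadyRegistered = _authContext.FidoLogins.Any(l => l.PublicKeyIdBytes.SequenceEqual(args.CredentialId));
            return !alreadyRegistered;
        };

        // 3. Verify the attestation and build the credential. The library parses the raw
        //    response itself, so the separate Parse/AuthenticatorData locals were redundant.
        var success = await _lib.MakeNewCredentialAsync(model, options, callback);

        var dbUser = _authContext.Users.First(x => x.Id == user.Id);
        dbUser.TwoFactorEnabled = true;

        var login = new FidoLogin
        {
            PublicKeyIdBytes = success.Result.CredentialId,
            PublicKeyId = Fido2NetLib.Base64Url.Encode(success.Result.CredentialId),
            AaGuid = success.Result.Aaguid.ToString(),
            PublicKey = success.Result.PublicKey,
            SignatureCounter = success.Result.Counter,
            CredType = success.Result.CredType,
            // NOTE(review): local server time, kept for compatibility with existing rows;
            // switch to UtcNow only if every reader of RegistrationDate agrees.
            RegistrationDate = DateTime.Now,
            User = dbUser,
            UserHandle = success.Result.User.Id,
            AuthenticatorName = authenticatorName,
        };
        _authContext.FidoLogins.Add(login);
        _authContext.SaveChanges();

        // 4. Tell the client registration succeeded.
        return Json(new { success = true });
    }
    catch (Exception)
    {
        // Deliberately opaque to the client so a failed verification does not reveal which
        // check failed. No logger is available in this action, so the exception is dropped
        // here; wire one in before relying on this endpoint for incident triage.
        return Json(new { error = true });
    }
}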