/// <summary>
/// Verifies the response from the browser/authr after creating new credentials
/// </summary>
/// <param name="attestationResponse"></param>
/// <param name="origChallenge"></param>
/// <returns></returns>
public async Task <CredentialMakeResult> MakeNewCredentialAsync(AuthenticatorAttestationRawResponse attestationResponse, CredentialCreateOptions origChallenge, IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, byte[] requestTokenBindingId = null)
{
var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
var success = await parsedResponse.VerifyAsync(origChallenge, Config, isCredentialIdUniqueToUser, Config.MetadataService, requestTokenBindingId);
// todo: Set Errormessage etc.
return(new CredentialMakeResult {
Status = "ok", ErrorMessage = string.Empty, Result = success
});
}
public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRawResponse rawResponse)
{
if (null == rawResponse || null == rawResponse.Response)
{
throw new Fido2VerificationException("Expected rawResponse, got null");
}
if (null == rawResponse.Response.AttestationObject || 0 == rawResponse.Response.AttestationObject.Length)
{
throw new Fido2VerificationException("Missing AttestationObject");
}
CBORObject cborAttestation = null;
try
{
cborAttestation = CBORObject.DecodeFromBytes(rawResponse.Response.AttestationObject);
}
catch (CBORException)
{
throw new Fido2VerificationException("Malformed AttestationObject");
}
if (null == cborAttestation["fmt"] ||
CBORType.TextString != cborAttestation["fmt"].Type ||
null == cborAttestation["attStmt"] ||
CBORType.Map != cborAttestation["attStmt"].Type ||
null == cborAttestation["authData"] ||
CBORType.ByteString != cborAttestation["authData"].Type
)
{
throw new Fido2VerificationException("Malformed AttestationObject");
}
var response = new AuthenticatorAttestationResponse(rawResponse.Response.ClientDataJson)
{
Raw = rawResponse,
AttestationObject = new ParsedAttestationObject()
{
Fmt = cborAttestation["fmt"].AsString(),
AttStmt = cborAttestation["attStmt"], // convert to dictionary?
AuthData = cborAttestation["authData"].GetByteString()
}
};
return(response);
}
public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRawResponse rawResponse)
{
if (null == rawResponse || null == rawResponse.Response)
{
throw new Fido2VerificationException("Expected rawResponse, got null");
}
if (null == rawResponse.Response.AttestationObject || 0 == rawResponse.Response.AttestationObject.Length)
{
throw new Fido2VerificationException("Missing AttestationObject");
}
// 8. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse structure to obtain the attestation statement format fmt, the authenticator data authData, and the attestation statement attStmt.
CBORObject cborAttestation;
try
{
cborAttestation = CBORObject.DecodeFromBytes(rawResponse.Response.AttestationObject);
}
catch (CBORException ex)
{
throw new Fido2VerificationException("AttestationObject invalid CBOR", ex);
}
if (null == cborAttestation["fmt"] ||
CBORType.TextString != cborAttestation["fmt"].Type ||
null == cborAttestation["attStmt"] ||
CBORType.Map != cborAttestation["attStmt"].Type ||
null == cborAttestation["authData"] ||
CBORType.ByteString != cborAttestation["authData"].Type)
{
throw new Fido2VerificationException("Malformed AttestationObject");
}
var response = new AuthenticatorAttestationResponse(rawResponse.Response.ClientDataJson)
{
Raw = rawResponse,
AttestationObject = new ParsedAttestationObject()
{
Fmt = cborAttestation["fmt"].AsString(),
AttStmt = cborAttestation["attStmt"], // convert to dictionary?
AuthData = cborAttestation["authData"].GetByteString()
}
};
return(response);
}
/// <summary>
/// Verifies the response from the browser/authr after creating new credentials
/// </summary>
/// <param name="attestationResponse"></param>
/// <param name="origChallenge"></param>
/// <param name="isCredentialIdUniqueToUser"></param>
/// <param name="requestTokenBindingId"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public async Task <CredentialMakeResult> MakeNewCredentialAsync(
AuthenticatorAttestationRawResponse attestationResponse,
CredentialCreateOptions origChallenge,
IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
byte[]?requestTokenBindingId = null,
CancellationToken cancellationToken = default)
{
var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
var success = await parsedResponse.VerifyAsync(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, requestTokenBindingId, cancellationToken);
// todo: Set Errormessage etc.
return(new CredentialMakeResult(
status: "ok",
errorMessage: string.Empty,
result: success
));
}
