private async Task ProcessConformanceTOC(string tocURL) { var rawTOC = await DownloadString(tocURL); MetadataTOCPayload toc = null; try { toc = await ValidatedTOCFromJwtSecurityToken(rawTOC); } catch { return; } foreach (var entry in toc.Entries) { if (null != entry.AaGuid) { var rawStatement = await DownloadString(entry.Url); var statementBytes = Base64Url.Decode(rawStatement); var statement = System.Text.Encoding.UTF8.GetString(statementBytes, 0, statementBytes.Length); var metadataStatement = JsonConvert.DeserializeObject <MetadataStatement>(statement); metadataStatement.Hash = Base64Url.Encode(CryptoUtils.GetHasher(new HashAlgorithmName(tocAlg)).ComputeHash(System.Text.Encoding.UTF8.GetBytes(rawStatement))); entry.MetadataStatement = metadataStatement; payload.Add(new Guid(entry.AaGuid), entry); } } }
public void AddConformanceTOC() { foreach (var tocURL in _endpoints) { var rawTOC = DownloadString(tocURL).Result; MetadataTOCPayload toc = null; try { toc = ValidatedTOCFromJwtSecurityToken(rawTOC); } catch { continue; } foreach (var entry in toc.Entries) { if (null != entry.AaGuid) { var rawStatement = DownloadString(entry.Url).Result; var statementBytes = Base64Url.Decode(rawStatement); var statement = System.Text.Encoding.UTF8.GetString(statementBytes, 0, statementBytes.Length); var metadataStatement = JsonConvert.DeserializeObject <MetadataStatement>(statement); metadataStatement.Hash = Base64Url.Encode(CryptoUtils.GetHasher(new HashAlgorithmName(tocAlg)).ComputeHash(System.Text.Encoding.UTF8.GetBytes(rawStatement))); entry.MetadataStatement = metadataStatement; payload.Add(new Guid(entry.AaGuid), entry); } } } CustomTOCPayloadFromCache(); }
protected virtual async Task LoadTocEntryStatement( IMetadataRepository repository, MetadataTOCPayload toc, MetadataTOCPayloadEntry entry, DateTime?cacheUntil = null) { if (entry.AaGuid != null && !_entries.ContainsKey(Guid.Parse(entry.AaGuid))) { var entryAaGuid = Guid.Parse(entry.AaGuid); var cacheKey = GetEntryCacheKey(repository, entryAaGuid); var cachedEntry = await _cache.GetStringAsync(cacheKey); if (cachedEntry != null) { var statement = JsonConvert.DeserializeObject <MetadataStatement>(cachedEntry); if (!string.IsNullOrWhiteSpace(statement.AaGuid)) { var aaGuid = Guid.Parse(statement.AaGuid); _metadataStatements.TryAdd(aaGuid, statement); _entries.TryAdd(aaGuid, entry); } } else { _log?.LogInformation("Entry for {0} {1} not cached so loading from MDS...", entry.AaGuid, entry.MetadataStatement?.Description ?? entry.StatusReports?.FirstOrDefault().CertificationDescriptor ?? "(unknown)"); try { var statement = await repository.GetMetadataStatement(toc, entry); if (!string.IsNullOrWhiteSpace(statement.AaGuid)) { var statementJson = JsonConvert.SerializeObject(statement, Formatting.Indented); _log?.LogDebug("{0}:{1}\n{2}", statement.AaGuid, statement.Description, statementJson); var aaGuid = Guid.Parse(statement.AaGuid); _metadataStatements.TryAdd(aaGuid, statement); _entries.TryAdd(aaGuid, entry); if (cacheUntil.HasValue) { await _cache.SetStringAsync(cacheKey, statementJson, new DistributedCacheEntryOptions { AbsoluteExpiration = cacheUntil }); } } } catch (Exception ex) { _log?.LogError(ex, "Error getting MetadataStatement from {0} for AAGUID '{1}' ", repository.GetType().Name, entry.AaGuid); throw; } } } }
public Task <MetadataTOCPayload> GetToc() { if (System.IO.Directory.Exists(_path)) { foreach (var filename in System.IO.Directory.GetFiles(_path)) { var rawStatement = System.IO.File.ReadAllText(filename); var statement = JsonConvert.DeserializeObject <MetadataStatement>(rawStatement); var conformanceEntry = new MetadataTOCPayloadEntry { AaGuid = statement.AaGuid, MetadataStatement = statement, StatusReports = new StatusReport[] { new StatusReport() { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } } }; if (null != conformanceEntry.AaGuid) { _entries.Add(new Guid(conformanceEntry.AaGuid), conformanceEntry); } } } _toc = new MetadataTOCPayload() { Entries = _entries.Select(o => o.Value).ToArray(), NextUpdate = "", //Empty means it won't get cached LegalHeader = "Local FAKE", Number = 1 }; return(Task.FromResult(_toc)); }
public async Task <MetadataTOCPayload> GetToc() { var req = new { endpoint = _origin }; var content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(req), Encoding.UTF8, "application/json"); var response = await _httpClient.PostAsync(_getEndpointsUrl, content); var result = Newtonsoft.Json.JsonConvert.DeserializeObject <MDSGetEndpointResponse>(await response.Content.ReadAsStringAsync()); var conformanceEndpoints = new List <string>(result.Result); var combinedToc = new MetadataTOCPayload { Number = -1, NextUpdate = "2099-08-07" }; var entries = new List <MetadataTOCPayloadEntry>(); foreach (var tocUrl in conformanceEndpoints) { var rawToc = await DownloadStringAsync(tocUrl); MetadataTOCPayload toc = null; try { toc = await DeserializeAndValidateToc(rawToc); } catch { continue; } if (string.Compare(toc.NextUpdate, combinedToc.NextUpdate) < 0) { combinedToc.NextUpdate = toc.NextUpdate; } if (combinedToc.Number < toc.Number) { combinedToc.Number = toc.Number; } foreach (var entry in toc.Entries) { entries.Add(entry); } combinedToc.JwtAlg = toc.JwtAlg; } combinedToc.Entries = entries.ToArray(); return(combinedToc); }
public async Task <MetadataStatement> GetMetadataStatement(MetadataTOCPayload toc, MetadataTOCPayloadEntry entry) { var statementBase64Url = await DownloadStringAsync(entry.Url); var statementBytes = Base64Url.Decode(statementBase64Url); var statementString = Encoding.UTF8.GetString(statementBytes, 0, statementBytes.Length); var statement = Newtonsoft.Json.JsonConvert.DeserializeObject <MetadataStatement>(statementString); using (HashAlgorithm hasher = CryptoUtils.GetHasher(new HashAlgorithmName(toc.JwtAlg))) { statement.Hash = Base64Url.Encode(hasher.ComputeHash(Encoding.UTF8.GetBytes(statementBase64Url))); } return(statement); }
public async Task <MetadataStatement> GetMetadataStatement(MetadataTOCPayload toc, MetadataTOCPayloadEntry entry) { if (_toc == null) { await GetToc(); } if (!string.IsNullOrEmpty(entry.AaGuid) && Guid.TryParse(entry.AaGuid, out Guid parsedAaGuid)) { if (_entries.ContainsKey(parsedAaGuid)) { return(_entries[parsedAaGuid].MetadataStatement); } } return(null); }
public async Task <MetadataStatement> GetMetadataStatement(MetadataTOCPayload toc, MetadataTOCPayloadEntry entry) { var statementBase64Url = await DownloadStringAsync(entry.Url + "/?token=" + WebUtility.UrlEncode(_token)); var statementBytes = Base64Url.Decode(statementBase64Url); var statementString = Encoding.UTF8.GetString(statementBytes, 0, statementBytes.Length); var statement = Newtonsoft.Json.JsonConvert.DeserializeObject <MetadataStatement>(statementString); using (HashAlgorithm hasher = CryptoUtils.GetHasher(new HashAlgorithmName(toc.JwtAlg))) { statement.Hash = Base64Url.Encode(hasher.ComputeHash(Encoding.UTF8.GetBytes(statementBase64Url))); } if (!HashesAreEqual(entry.Hash, statement.Hash)) { throw new Fido2VerificationException("TOC entry and statement hashes do not match"); } return(statement); }
private DateTime?GetCacheUntilTime(MetadataTOCPayload toc) { if (!string.IsNullOrWhiteSpace(toc?.NextUpdate) && DateTime.TryParseExact( toc.NextUpdate, new[] { "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss", "o" }, //Sould be ISO8601 date but allow for other ISO formats too System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal, out var parsedDate)) { //NextUpdate is in the past to default to a useful number that will result us cross the date theshold for the next update if (parsedDate < DateTime.UtcNow.AddMinutes(5)) { return(DateTime.UtcNow.Add(_defaultCacheInterval)); } return(parsedDate); } return(null); }
public void AddConformanceTOC() { var endpoints = new string[] { "https://fidoalliance.co.nz/mds/execute/20c027c091eba81d2e92c6581bf42c68776dc3910cf48840b73a035e5d70f956", "https://fidoalliance.co.nz/mds/execute/3e0be36ab70cdf5f32ae858b8610fcb7bf6e4f1aa47c7e53afcda5c822f5a346", "https://fidoalliance.co.nz/mds/execute/55a6301b9d7a7a45dc27dceeddc9b0ae4396c7d9ea8f46757018dd865dda24c5", "https://fidoalliance.co.nz/mds/execute/62c8ba89cf4f991e6890f442a606bb0b6f31f9a05946031846c4af1113046900", "https://fidoalliance.co.nz/mds/execute/d352b77e801de7b0d7d9842b02721c3e708c82405353235d2c04081fff8a302a" }; var client = new System.Net.WebClient(); foreach (var tocURL in endpoints) { var rawTOC = client.DownloadString(tocURL); //var jwtToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(rawTOC); //var tocPayload = (jwtToken).Payload.SerializeToJson(); MetadataTOCPayload toc = null; try { toc = ValidatedTOCFromJwtSecurityToken(rawTOC, true); } catch { Exception ex; continue; } foreach (var entry in toc.Entries) { if (null != entry.AaGuid) { var rawStatement = client.DownloadString(entry.Url); var statementBytes = Base64Url.Decode(rawStatement); var statement = System.Text.Encoding.UTF8.GetString(statementBytes, 0, statementBytes.Length); var metadataStatement = JsonConvert.DeserializeObject <MetadataStatement>(statement); metadataStatement.Hash = Base64Url.Encode(CryptoUtils.GetHasher(new HashAlgorithmName(tocAlg)).ComputeHash(System.Text.Encoding.UTF8.GetBytes(rawStatement))); entry.MetadataStatement = metadataStatement; payload.Add(new Guid(entry.AaGuid), entry); } } } }
public async Task <MetadataTOCPayload> GetToc() { var yubico = new MetadataTOCPayloadEntry { AaGuid = "f8a011f3-8c0a-4d15-8006-17111f9edc7d", Hash = "", StatusReports = new StatusReport[] { new StatusReport() { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Yubico YubiKey FIDO2", AttestationRootCertificates = new string[] { YUBICO_ROOT } } }; _entries.Add(new Guid(yubico.AaGuid), yubico); // YubiKey 5 USB and NFC AAGUID values from https://support.yubico.com/support/solutions/articles/15000014219-yubikey-5-series-technical-manual#AAGUID_Valuesxf002do var yubikey5usb = new MetadataTOCPayloadEntry { AaGuid = "cb69481e-8ff7-4039-93ec-0a2729a154a8", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Yubico YubiKey 5 USB", AttestationRootCertificates = new string[] { YUBICO_ROOT } } }; _entries.Add(new Guid(yubikey5usb.AaGuid), yubikey5usb); var yubikey5nfc = new MetadataTOCPayloadEntry { AaGuid = "fa2b99dc-9e39-4257-8f92-4a30d23c4118", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Yubico YubiKey 5 NFC", AttestationRootCertificates = new string[] { YUBICO_ROOT } } }; _entries.Add(new Guid(yubikey5nfc.AaGuid), yubikey5nfc); var yubicoSecuriyKeyNfc = new MetadataTOCPayloadEntry { AaGuid = "6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", Hash = "", StatusReports = new StatusReport[] { new StatusReport() { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { Description = "Yubico Security Key NFC", Icon = "data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIzLjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Ill1YmljbyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDc2OCA3NjgiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDc2OCA3Njg7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojOUFDQTNDO30KPC9zdHlsZT4KPHBvbHlnb24gaWQ9IlkiIGNsYXNzPSJzdDAiIHBvaW50cz0iMjE4LjQzLDIxMS44MSAzMTYuNDksMjExLjgxIDM4Ni41Miw0MDAuMDcgNDUzLjIsMjExLjgxIDU0OS41NywyMTEuODEgMzg3LjA4LDYxMS44NiAKCTI4Ni4yMyw2MTEuODYgMzMyLjE3LDUwMi4wNCAiLz4KPHBhdGggaWQ9IkNpcmNsZV8xXyIgY2xhc3M9InN0MCIgZD0iTTM4NCwwQzE3MS45MiwwLDAsMTcxLjkyLDAsMzg0czE3MS45MiwzODQsMzg0LDM4NHMzODQtMTcxLjkyLDM4NC0zODRTNTk2LjA4LDAsMzg0LDB6CgkgTTM4NCw2OTMuNThDMjEzLjAyLDY5My41OCw3NC40Miw1NTQuOTgsNzQuNDIsMzg0UzIxMy4wMiw3NC40MiwzODQsNzQuNDJTNjkzLjU4LDIxMy4wMiw2OTMuNTgsMzg0UzU1NC45OCw2OTMuNTgsMzg0LDY5My41OHoiLz4KPC9zdmc+Cg==", AttachmentHint = 6, AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", AttestationRootCertificates = new string[] { YUBICO_ROOT } } }; _entries.Add(new Guid(yubicoSecuriyKeyNfc.AaGuid), yubicoSecuriyKeyNfc); var msftWhfbSoftware = new MetadataTOCPayloadEntry { AaGuid = "6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Windows Hello software authenticator" } }; _entries.Add(new Guid(msftWhfbSoftware.AaGuid), msftWhfbSoftware); var msftWhfbSoftwareVbs = new MetadataTOCPayloadEntry { AaGuid = "6E96969E-A5CF-4AAD-9B56-305FE6C82795", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Windows Hello VBS software authenticator" } }; _entries.Add(new Guid(msftWhfbSoftwareVbs.AaGuid), msftWhfbSoftwareVbs); var msftWhfbHardware = new MetadataTOCPayloadEntry { AaGuid = "08987058-CADC-4B81-B6E1-30DE50DCBE96", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Windows Hello hardware authenticator" } }; _entries.Add(new Guid(msftWhfbHardware.AaGuid), msftWhfbHardware); var msftWhfbHardwareVbs = new MetadataTOCPayloadEntry { AaGuid = "9DDD1817-AF5A-4672-A2B9-3E3DD95000A9", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Windows Hello VBS hardware authenticator" } }; _entries.Add(new Guid(msftWhfbHardwareVbs.AaGuid), msftWhfbHardwareVbs); var solostatement = await DownloadStringAsync("https://raw.githubusercontent.com/solokeys/solo/master/metadata/Solo-FIDO2-CTAP2-Authenticator.json"); var soloMetadataStatement = JsonConvert.DeserializeObject <MetadataStatement>(solostatement); var soloKeysSolo = new MetadataTOCPayloadEntry { AaGuid = soloMetadataStatement.AaGuid, Url = "https://raw.githubusercontent.com/solokeys/solo/master/metadata/Solo-FIDO2-CTAP2-Authenticator.json", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = soloMetadataStatement }; _entries.Add(new Guid(soloKeysSolo.AaGuid), soloKeysSolo); var soloTapStatement = await DownloadStringAsync("https://raw.githubusercontent.com/solokeys/solo/master/metadata/SoloTap-FIDO2-CTAP2-Authenticator.json"); var soloTapMetadataStatement = JsonConvert.DeserializeObject <MetadataStatement>(soloTapStatement); var soloTapMetadata = new MetadataTOCPayloadEntry { AaGuid = soloTapMetadataStatement.AaGuid, Url = "https://raw.githubusercontent.com/solokeys/solo/master/metadata/SoloTap-FIDO2-CTAP2-Authenticator.json", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = soloTapMetadataStatement }; _entries.Add(new Guid(soloTapMetadata.AaGuid), soloTapMetadata); var soloSomuStatement = await DownloadStringAsync("https://raw.githubusercontent.com/solokeys/solo/master/metadata/Somu-FIDO2-CTAP2-Authenticator.json"); var soloSomuMetadataStatement = JsonConvert.DeserializeObject <MetadataStatement>(soloSomuStatement); var soloSomuMetadata = new MetadataTOCPayloadEntry { AaGuid = soloSomuMetadataStatement.AaGuid, Url = "https://raw.githubusercontent.com/solokeys/solo/master/metadata/Somu-FIDO2-CTAP2-Authenticator.json", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = soloSomuMetadataStatement }; _entries.Add(new Guid(soloSomuMetadata.AaGuid), soloSomuMetadata); foreach (var entry in _entries) { entry.Value.MetadataStatement.AaGuid = entry.Value.AaGuid; } _toc = new MetadataTOCPayload() { Entries = _entries.Select(o => o.Value).ToArray(), NextUpdate = _cacheUntil?.ToString("yyyy-MM-dd") ?? "", //Results in no caching LegalHeader = "Static FAKE", Number = 1 }; return(_toc); }
public async Task <MetadataTOCPayload> GetToc() { var yubico = new MetadataTOCPayloadEntry { AaGuid = "f8a011f3-8c0a-4d15-8006-17111f9edc7d", Hash = "", StatusReports = new StatusReport[] { new StatusReport() { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Yubico YubiKey FIDO2", AttestationRootCertificates = new string[] { YUBICO_ROOT } } }; _entries.Add(new Guid(yubico.AaGuid), yubico); var yubicoSecuriyKeyNfc = new MetadataTOCPayloadEntry { AaGuid = "6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", Hash = "", StatusReports = new StatusReport[] { new StatusReport() { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { Description = "Yubico Security Key NFC", Icon = "data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIzLjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9Ill1YmljbyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiCgkgdmlld0JveD0iMCAwIDc2OCA3NjgiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDc2OCA3Njg7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCS5zdDB7ZmlsbDojOUFDQTNDO30KPC9zdHlsZT4KPHBvbHlnb24gaWQ9IlkiIGNsYXNzPSJzdDAiIHBvaW50cz0iMjE4LjQzLDIxMS44MSAzMTYuNDksMjExLjgxIDM4Ni41Miw0MDAuMDcgNDUzLjIsMjExLjgxIDU0OS41NywyMTEuODEgMzg3LjA4LDYxMS44NiAKCTI4Ni4yMyw2MTEuODYgMzMyLjE3LDUwMi4wNCAiLz4KPHBhdGggaWQ9IkNpcmNsZV8xXyIgY2xhc3M9InN0MCIgZD0iTTM4NCwwQzE3MS45MiwwLDAsMTcxLjkyLDAsMzg0czE3MS45MiwzODQsMzg0LDM4NHMzODQtMTcxLjkyLDM4NC0zODRTNTk2LjA4LDAsMzg0LDB6CgkgTTM4NCw2OTMuNThDMjEzLjAyLDY5My41OCw3NC40Miw1NTQuOTgsNzQuNDIsMzg0UzIxMy4wMiw3NC40MiwzODQsNzQuNDJTNjkzLjU4LDIxMy4wMiw2OTMuNTgsMzg0UzU1NC45OCw2OTMuNTgsMzg0LDY5My41OHoiLz4KPC9zdmc+Cg==", AttachmentHint = 6, AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", AttestationRootCertificates = new string[] { YUBICO_ROOT } } }; _entries.Add(new Guid(yubicoSecuriyKeyNfc.AaGuid), yubicoSecuriyKeyNfc); var msftWhfbSoftware = new MetadataTOCPayloadEntry { AaGuid = "6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_SURROGATE }, Hash = "", Description = "Windows Hello Software Authenticator", AuthenticatorVersion = 1, ProtocolFamily = "fido2", Upv = new UafVersion[] { new UafVersion() { Major = 1, Minor = 0 } }, AssertionScheme = "FIDOV2", AuthenticationAlgorithm = 12, PublicKeyAlgAndEncoding = 260, UserVerificationDetails = new VerificationMethodDescriptor[][] { new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 2 // USER_VERIFY_FINGERPRINT_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 4 // USER_VERIFY_PASSCODE_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 16 // USER_VERIFY_FACEPRINT_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 64 // USER_VERIFY_EYEPRINT_INTERNAL } } }, KeyProtection = 2, // KEY_PROTECTION_HARDWARE MatcherProtection = 1, // MATCHER_PROTECTION_SOFTWARE AttachmentHint = 1, // ATTACHMENT_HINT_INTERNAL IsSecondFactorOnly = false, TcDisplay = 0, Icon = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABICAYAAABV7bNHAAACkUlEQVR42uyai3GDMAyGQyegGzACnaCMkBHoBhkhnSAj0A2SDaAT0E6QbEA3cOXW6XEpBtnImMv9utOllxjF/qKHLTdRSm0gdnkAAgACIAACIAACIAACIAgAARAAARAAARAAARBEAFCSJINKkpLuSTtSZbQz76W25zhKkpFWPbtaz6Q75vPuoluuPmqxlZK2yi76s9RznjlpN2K7CrFWaUAHNS0HT0Atw3YpDSjxbdoPuaziG3uk579cvIdeWsbQD7L7NAYoWpKmLy8chueO5reB7KKKrQnQJdDYn9AJZHc5QBT7enINY2hjxrqItsvJWSdxFxKuYlOlWJmE6zPPcsJuN7WFiF7me5DOAws4OyZyG6TOsr/KQziDaJm/mcy2V1V0+T0JeXxqqlrWC9mGGy3O6wwFaI0SdR+EMg9AEAACIAByqViZb+/prgFdN6qb306j3lTWs0BJ76Qjw0ktO+3ad60PQhMrfM9YwqK7lUPe4j+/OR40cDaqJeJ+xo80JsWih1WTBAcb8ysKrb+TfowQKy3v55wbBkk49FJbQusqr4snadL9hEtXC3nO1G1HG6UfxIj5oDnJlHPOVVAerWGmvYQxwc70hiTh7Bidy3/3ZFE6isxf8epNhUCl4n5ftYqWKzMP3IIquaFnquXO0sZ1yn/RWq69SuK6GdPXORfSz4HPnk1bNXO0+UZze5HqKIodNYwnHVVcOUivNcStxj4CGFYhWAWgXgmuF4JzdMhn6wDUm1DpmFyVY7IvQqeTRdod2v2F8lNn/gcpW+rUsOi9mAmFwlSo3Pw9JQ3p+8bhgnAMkPM613BxOBQqc2FEB4SmPQSAAAiAAAiAAAiAAAiAIAAEQAAEQAAEQPco3wIMADOXgFhOTghuAAAAAElFTkSuQmCC" } }; _entries.Add(new Guid(msftWhfbSoftware.AaGuid), msftWhfbSoftware); var msftWhfbSoftwareVbs = new MetadataTOCPayloadEntry { AaGuid = "6E96969E-A5CF-4AAD-9B56-305FE6C82795", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Windows Hello VBS software authenticator" } }; _entries.Add(new Guid(msftWhfbSoftwareVbs.AaGuid), msftWhfbSoftwareVbs); var msftWhfbHardware = new MetadataTOCPayloadEntry { AaGuid = "08987058-CADC-4B81-B6E1-30DE50DCBE96", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { 15888 }, Hash = "", Description = "Windows Hello Hardware Authenticator", AttestationRootCertificates = new string[] { "MIIF9TCCA92gAwIBAgIQXbYwTgy/J79JuMhpUB5dyzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMtTWljcm9zb2Z0IFRQTSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE0MB4XDTE0MTIxMDIxMzExOVoXDTM5MTIxMDIxMzkyOFowgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBUUE0gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ+n+bnKt/JHIRC/oI/xgkgsYdPzP0gpvduDA2GbRtth+L4WUyoZKGBw7uz5bjjP8Aql4YExyjR3EZQ4LqnZChMpoCofbeDR4MjCE1TGwWghGpS0mM3GtWD9XiME4rE2K0VW3pdN0CLzkYbvZbs2wQTFfE62yNQiDjyHFWAZ4BQH4eWa8wrDMUxIAneUCpU6zCwM+l6Qh4ohX063BHzXlTSTc1fDsiPaKuMMjWjK9vp5UHFPa+dMAWr6OljQZPFIg3aZ4cUfzS9y+n77Hs1NXPBn6E4Db679z4DThIXyoKeZTv1aaWOWl/exsDLGt2mTMTyykVV8uD1eRjYriFpmoRDwJKAEMOfaURarzp7hka9TOElGyD2gOV4Fscr2MxAYCywLmOLzA4VDSYLuKAhPSp7yawET30AvY1HRfMwBxetSqWP2+yZRNYJlHpor5QTuRDgzR+Zej+aWx6rWNYx43kLthozeVJ3QCsD5iEI/OZlmWn5WYf7O8LB/1A7scrYv44FD8ck3Z+hxXpkklAsjJMsHZa9mBqh+VR1AicX4uZG8m16x65ZU2uUpBa3rn8CTNmw17ZHOiuSWJtS9+PrZVA8ljgf4QgA1g6NPOEiLG2fn8Gm+r5Ak+9tqv72KDd2FPBJ7Xx4stYj/WjNPtEUhW4rcLK3ktLfcy6ea7Rocw5y5AgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR6jArOL0hiF+KU0a5VwVLscXSkVjAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAW4ioo1+J9VWC0UntSBXcXRm1ePTVamtsxVy/GpP4EmJd3Ub53JzNBfYdgfUL51CppS3ZY6BoagB+DqoA2GbSL+7sFGHBl5ka6FNelrwsH6VVw4xV/8klIjmqOyfatPYsz0sUdZev+reeiGpKVoXrK6BDnUU27/mgPtem5YKWvHB/soofUrLKzZV3WfGdx9zBr8V0xW6vO3CKaqkqU9y6EsQw34n7eJCbEVVQ8VdFd9iV1pmXwaBAfBwkviPTKEP9Cm+zbFIOLr3V3CL9hJj+gkTUuXWlJJ6wVXEG5i4rIbLAV59UrW4LonP+seqvWMJYUFxu/niF0R3fSGM+NU11DtBVkhRZt1u0kFhZqjDz1dWyfT/N7Hke3WsDqUFsBi+8SEw90rWx2aUkLvKo83oU4Mx4na+2I3l9F2a2VNGk4K7l3a00g51miPiq0Da0jqw30PaLluTMTGY5+RnZVh50JD6nk+Ea3wRkU8aiYFnpIxfKBZ72whmYYa/egj9IKeqpR0vuLebbU0fJBf880K1jWD3Z5SFyJXo057Mv0OPw5mttytE585ZIy5JsaRXlsOoWGRXE3kUT/MKR1UoAgR54c8Bsh+9Dq2wqIK9mRn15zvBDeyHG6+czurLopziOUeWokxZN1syrEdKlhFoPYavm6t+PzIcpdxZwHA+V3jLJPfI=", }, AuthenticatorVersion = 1, ProtocolFamily = "fido2", Upv = new UafVersion[] { new UafVersion() { Major = 1, Minor = 0 } }, AssertionScheme = "FIDOV2", AuthenticationAlgorithm = 12, PublicKeyAlgAndEncoding = 260, UserVerificationDetails = new VerificationMethodDescriptor[][] { new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 2 // USER_VERIFY_FINGERPRINT_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 4 // USER_VERIFY_PASSCODE_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 16 // USER_VERIFY_FACEPRINT_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 64 // USER_VERIFY_EYEPRINT_INTERNAL } } }, KeyProtection = 2, // KEY_PROTECTION_HARDWARE MatcherProtection = 1, // MATCHER_PROTECTION_SOFTWARE AttachmentHint = 1, // ATTACHMENT_HINT_INTERNAL IsSecondFactorOnly = false, TcDisplay = 0, Icon = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABICAYAAABV7bNHAAACkUlEQVR42uyai3GDMAyGQyegGzACnaCMkBHoBhkhnSAj0A2SDaAT0E6QbEA3cOXW6XEpBtnImMv9utOllxjF/qKHLTdRSm0gdnkAAgACIAACIAACIAACIAgAARAAARAAARAAARBEAFCSJINKkpLuSTtSZbQz76W25zhKkpFWPbtaz6Q75vPuoluuPmqxlZK2yi76s9RznjlpN2K7CrFWaUAHNS0HT0Atw3YpDSjxbdoPuaziG3uk579cvIdeWsbQD7L7NAYoWpKmLy8chueO5reB7KKKrQnQJdDYn9AJZHc5QBT7enINY2hjxrqItsvJWSdxFxKuYlOlWJmE6zPPcsJuN7WFiF7me5DOAws4OyZyG6TOsr/KQziDaJm/mcy2V1V0+T0JeXxqqlrWC9mGGy3O6wwFaI0SdR+EMg9AEAACIAByqViZb+/prgFdN6qb306j3lTWs0BJ76Qjw0ktO+3ad60PQhMrfM9YwqK7lUPe4j+/OR40cDaqJeJ+xo80JsWih1WTBAcb8ysKrb+TfowQKy3v55wbBkk49FJbQusqr4snadL9hEtXC3nO1G1HG6UfxIj5oDnJlHPOVVAerWGmvYQxwc70hiTh7Bidy3/3ZFE6isxf8epNhUCl4n5ftYqWKzMP3IIquaFnquXO0sZ1yn/RWq69SuK6GdPXORfSz4HPnk1bNXO0+UZze5HqKIodNYwnHVVcOUivNcStxj4CGFYhWAWgXgmuF4JzdMhn6wDUm1DpmFyVY7IvQqeTRdod2v2F8lNn/gcpW+rUsOi9mAmFwlSo3Pw9JQ3p+8bhgnAMkPM613BxOBQqc2FEB4SmPQSAAAiAAAiAAAiAAAiAIAAEQAAEQAAEQPco3wIMADOXgFhOTghuAAAAAElFTkSuQmCC" } }; _entries.Add(new Guid(msftWhfbHardware.AaGuid), msftWhfbHardware); var msftWhfbHardwareVbs = new MetadataTOCPayloadEntry { AaGuid = "9DDD1817-AF5A-4672-A2B9-3E3DD95000A9", Hash = "", StatusReports = new StatusReport[] { new StatusReport { Status = AuthenticatorStatus.NOT_FIDO_CERTIFIED } }, MetadataStatement = new MetadataStatement { AttestationTypes = new ushort[] { (ushort)MetadataAttestationType.ATTESTATION_BASIC_FULL }, Hash = "", Description = "Windows Hello VBS Hardware Authenticator", AttestationRootCertificates = new string[] { "MIIF9TCCA92gAwIBAgIQXbYwTgy/J79JuMhpUB5dyzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMtTWljcm9zb2Z0IFRQTSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE0MB4XDTE0MTIxMDIxMzExOVoXDTM5MTIxMDIxMzkyOFowgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBUUE0gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ+n+bnKt/JHIRC/oI/xgkgsYdPzP0gpvduDA2GbRtth+L4WUyoZKGBw7uz5bjjP8Aql4YExyjR3EZQ4LqnZChMpoCofbeDR4MjCE1TGwWghGpS0mM3GtWD9XiME4rE2K0VW3pdN0CLzkYbvZbs2wQTFfE62yNQiDjyHFWAZ4BQH4eWa8wrDMUxIAneUCpU6zCwM+l6Qh4ohX063BHzXlTSTc1fDsiPaKuMMjWjK9vp5UHFPa+dMAWr6OljQZPFIg3aZ4cUfzS9y+n77Hs1NXPBn6E4Db679z4DThIXyoKeZTv1aaWOWl/exsDLGt2mTMTyykVV8uD1eRjYriFpmoRDwJKAEMOfaURarzp7hka9TOElGyD2gOV4Fscr2MxAYCywLmOLzA4VDSYLuKAhPSp7yawET30AvY1HRfMwBxetSqWP2+yZRNYJlHpor5QTuRDgzR+Zej+aWx6rWNYx43kLthozeVJ3QCsD5iEI/OZlmWn5WYf7O8LB/1A7scrYv44FD8ck3Z+hxXpkklAsjJMsHZa9mBqh+VR1AicX4uZG8m16x65ZU2uUpBa3rn8CTNmw17ZHOiuSWJtS9+PrZVA8ljgf4QgA1g6NPOEiLG2fn8Gm+r5Ak+9tqv72KDd2FPBJ7Xx4stYj/WjNPtEUhW4rcLK3ktLfcy6ea7Rocw5y5AgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR6jArOL0hiF+KU0a5VwVLscXSkVjAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAW4ioo1+J9VWC0UntSBXcXRm1ePTVamtsxVy/GpP4EmJd3Ub53JzNBfYdgfUL51CppS3ZY6BoagB+DqoA2GbSL+7sFGHBl5ka6FNelrwsH6VVw4xV/8klIjmqOyfatPYsz0sUdZev+reeiGpKVoXrK6BDnUU27/mgPtem5YKWvHB/soofUrLKzZV3WfGdx9zBr8V0xW6vO3CKaqkqU9y6EsQw34n7eJCbEVVQ8VdFd9iV1pmXwaBAfBwkviPTKEP9Cm+zbFIOLr3V3CL9hJj+gkTUuXWlJJ6wVXEG5i4rIbLAV59UrW4LonP+seqvWMJYUFxu/niF0R3fSGM+NU11DtBVkhRZt1u0kFhZqjDz1dWyfT/N7Hke3WsDqUFsBi+8SEw90rWx2aUkLvKo83oU4Mx4na+2I3l9F2a2VNGk4K7l3a00g51miPiq0Da0jqw30PaLluTMTGY5+RnZVh50JD6nk+Ea3wRkU8aiYFnpIxfKBZ72whmYYa/egj9IKeqpR0vuLebbU0fJBf880K1jWD3Z5SFyJXo057Mv0OPw5mttytE585ZIy5JsaRXlsOoWGRXE3kUT/MKR1UoAgR54c8Bsh+9Dq2wqIK9mRn15zvBDeyHG6+czurLopziOUeWokxZN1syrEdKlhFoPYavm6t+PzIcpdxZwHA+V3jLJPfI=", }, AuthenticatorVersion = 1, ProtocolFamily = "fido2", Upv = new UafVersion[] { new UafVersion() { Major = 1, Minor = 0 } }, AssertionScheme = "FIDOV2", AuthenticationAlgorithm = 12, PublicKeyAlgAndEncoding = 260, UserVerificationDetails = new VerificationMethodDescriptor[][] { new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 2 // USER_VERIFY_FINGERPRINT_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 4 // USER_VERIFY_PASSCODE_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 16 // USER_VERIFY_FACEPRINT_INTERNAL } }, new VerificationMethodDescriptor[] { new VerificationMethodDescriptor() { UserVerification = 64 // USER_VERIFY_EYEPRINT_INTERNAL } } }, KeyProtection = 6, // KEY_PROTECTION_HARDWARE & KEY_PROTECTION_TEE MatcherProtection = 2, // MATCHER_PROTECTION_TEE AttachmentHint = 1, // ATTACHMENT_HINT_INTERNAL IsSecondFactorOnly = false, TcDisplay = 0, Icon = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABICAYAAABV7bNHAAACkUlEQVR42uyai3GDMAyGQyegGzACnaCMkBHoBhkhnSAj0A2SDaAT0E6QbEA3cOXW6XEpBtnImMv9utOllxjF/qKHLTdRSm0gdnkAAgACIAACIAACIAACIAgAARAAARAAARAAARBEAFCSJINKkpLuSTtSZbQz76W25zhKkpFWPbtaz6Q75vPuoluuPmqxlZK2yi76s9RznjlpN2K7CrFWaUAHNS0HT0Atw3YpDSjxbdoPuaziG3uk579cvIdeWsbQD7L7NAYoWpKmLy8chueO5reB7KKKrQnQJdDYn9AJZHc5QBT7enINY2hjxrqItsvJWSdxFxKuYlOlWJmE6zPPcsJuN7WFiF7me5DOAws4OyZyG6TOsr/KQziDaJm/mcy2V1V0+T0JeXxqqlrWC9mGGy3O6wwFaI0SdR+EMg9AEAACIAByqViZb+/prgFdN6qb306j3lTWs0BJ76Qjw0ktO+3ad60PQhMrfM9YwqK7lUPe4j+/OR40cDaqJeJ+xo80JsWih1WTBAcb8ysKrb+TfowQKy3v55wbBkk49FJbQusqr4snadL9hEtXC3nO1G1HG6UfxIj5oDnJlHPOVVAerWGmvYQxwc70hiTh7Bidy3/3ZFE6isxf8epNhUCl4n5ftYqWKzMP3IIquaFnquXO0sZ1yn/RWq69SuK6GdPXORfSz4HPnk1bNXO0+UZze5HqKIodNYwnHVVcOUivNcStxj4CGFYhWAWgXgmuF4JzdMhn6wDUm1DpmFyVY7IvQqeTRdod2v2F8lNn/gcpW+rUsOi9mAmFwlSo3Pw9JQ3p+8bhgnAMkPM613BxOBQqc2FEB4SmPQSAAAiAAAiAAAiAAAiAIAAEQAAEQAAEQPco3wIMADOXgFhOTghuAAAAAElFTkSuQmCC" } }; _entries.Add(new Guid(msftWhfbHardwareVbs.AaGuid), msftWhfbHardwareVbs); foreach (var entry in _entries) { entry.Value.MetadataStatement.AaGuid = entry.Value.AaGuid; } _toc = new MetadataTOCPayload() { Entries = _entries.Select(o => o.Value).ToArray(), NextUpdate = _cacheUntil?.ToString("yyyy-MM-dd") ?? "", //Results in no caching LegalHeader = "Static FAKE", Number = 1 }; return(_toc); }
protected virtual async Task LoadEntryStatement(IMetadataRepository repository, MetadataTOCPayload toc, MetadataTOCPayloadEntry entry) { if (entry.AaGuid != null) { var statement = await repository.GetMetadataStatement(toc, entry); if (!string.IsNullOrWhiteSpace(statement.AaGuid)) { _metadataStatements.TryAdd(Guid.Parse(statement.AaGuid), statement); } } }