예제 #1
        /// <summary>
        /// Verifies the response from the browser/authr after creating new credentials.
        /// Parses the raw attestation response and hands it to
        /// <c>AuthenticatorAttestationResponse.VerifyAsync</c> together with this instance's
        /// <c>Config</c> and <c>Config.MetadataService</c>.
        /// </summary>
        /// <param name="attestationResponse">Raw response as received from the client; treated as untrusted input by <c>Parse</c>.</param>
        /// <param name="origChallenge">The create options originally issued to the client; forwarded to <c>VerifyAsync</c>.</param>
        /// <param name="isCredentialIdUniqueToUser">Callback forwarded to <c>VerifyAsync</c> (presumably used to confirm the credential id is not already registered — see that method).</param>
        /// <param name="requestTokenBindingId">Optional token-binding id of the request; forwarded to <c>VerifyAsync</c>.</param>
        /// <returns>
        /// A <see cref="CredentialMakeResult"/> whose <c>Status</c> is always "ok" and whose <c>Result</c>
        /// is the value returned by <c>VerifyAsync</c>. As the todo notes, failures are not reported
        /// through <c>Status</c>/<c>ErrorMessage</c>: <c>Parse</c> throws <c>Fido2VerificationException</c>
        /// on malformed input, and verification errors surface as exceptions from <c>VerifyAsync</c>.
        /// </returns>
        public async Task<CredentialMakeResult> MakeNewCredentialAsync(AuthenticatorAttestationRawResponse attestationResponse, CredentialCreateOptions origChallenge, IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, byte[] requestTokenBindingId = null)
        {
            var attestation = AuthenticatorAttestationResponse.Parse(attestationResponse);

            var verification = await attestation.VerifyAsync(
                origChallenge,
                Config,
                isCredentialIdUniqueToUser,
                Config.MetadataService,
                requestTokenBindingId);

            // todo: Set Errormessage etc.
            var result = new CredentialMakeResult
            {
                Status       = "ok",
                ErrorMessage = string.Empty,
                Result       = verification,
            };

            return result;
        }
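        /// <summary>
        /// Parses the raw attestation response received from the client into an
        /// <see cref="AuthenticatorAttestationResponse"/>: CBOR-decodes the attestation object and
        /// checks that it is a map carrying the three expected members (fmt, attStmt, authData)
        /// with the expected CBOR types. No signature or trust checks happen here; see <c>VerifyAsync</c>.
        /// </summary>
        /// <param name="rawResponse">The response as received from the browser/authenticator; treated as untrusted input.</param>
        /// <returns>The parsed response, with <c>Raw</c> set to <paramref name="rawResponse"/> and <c>AttestationObject</c> populated.</returns>
        /// <exception cref="Fido2VerificationException">
        /// Thrown when the response or its attestation object is missing, is not valid CBOR,
        /// is not a CBOR map, or lacks a correctly-typed fmt, attStmt or authData member.
        /// </exception>
        public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRawResponse rawResponse)
        {
            if (null == rawResponse || null == rawResponse.Response)
            {
                throw new Fido2VerificationException("Expected rawResponse, got null");
            }

            var attestationBytes = rawResponse.Response.AttestationObject;
            if (null == attestationBytes || 0 == attestationBytes.Length)
            {
                throw new Fido2VerificationException("Missing AttestationObject");
            }

            CBORObject cborAttestation;
            try
            {
                cborAttestation = CBORObject.DecodeFromBytes(attestationBytes);
            }
            catch (CBORException ex)
            {
                // Keep the decoder's exception as InnerException so the cause of a rejected
                // registration can be diagnosed; the outward message stays generic.
                throw new Fido2VerificationException("Malformed AttestationObject", ex);
            }

            // The attestation object must be a CBOR map. Check the top-level type before indexing
            // by key, so a payload that decodes to some other CBOR type is rejected with the same
            // verification exception as any other malformed input rather than surfacing as an
            // exception from the CBOR library.
            if (CBORType.Map != cborAttestation.Type ||
                null == cborAttestation["fmt"] ||
                CBORType.TextString != cborAttestation["fmt"].Type ||
                null == cborAttestation["attStmt"] ||
                CBORType.Map != cborAttestation["attStmt"].Type ||
                null == cborAttestation["authData"] ||
                CBORType.ByteString != cborAttestation["authData"].Type)
            {
                throw new Fido2VerificationException("Malformed AttestationObject");
            }

            var response = new AuthenticatorAttestationResponse(rawResponse.Response.ClientDataJson)
            {
                Raw = rawResponse,
                AttestationObject = new ParsedAttestationObject()
                {
                    Fmt      = cborAttestation["fmt"].AsString(),
                    AttStmt  = cborAttestation["attStmt"], // convert to dictionary?
                    AuthData = cborAttestation["authData"].GetByteString()
                }
            };

            return response;
        }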
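        /// <summary>
        /// Parses the raw attestation response received from the client into an
        /// <see cref="AuthenticatorAttestationResponse"/>: CBOR-decodes the attestation object and
        /// checks that it is a map carrying the three expected members (fmt, attStmt, authData)
        /// with the expected CBOR types. No signature or trust checks happen here; see <c>VerifyAsync</c>.
        /// </summary>
        /// <param name="rawResponse">The response as received from the browser/authenticator; treated as untrusted input.</param>
        /// <returns>The parsed response, with <c>Raw</c> set to <paramref name="rawResponse"/> and <c>AttestationObject</c> populated.</returns>
        /// <exception cref="Fido2VerificationException">
        /// Thrown when the response or its attestation object is missing, is not valid CBOR,
        /// is not a CBOR map, or lacks a correctly-typed fmt, attStmt or authData member.
        /// </exception>
        public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRawResponse rawResponse)
        {
            if (null == rawResponse || null == rawResponse.Response)
            {
                throw new Fido2VerificationException("Expected rawResponse, got null");
            }

            var attestationBytes = rawResponse.Response.AttestationObject;
            if (null == attestationBytes || 0 == attestationBytes.Length)
            {
                throw new Fido2VerificationException("Missing AttestationObject");
            }

            // 8. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse structure to obtain the attestation statement format fmt, the authenticator data authData, and the attestation statement attStmt.
            CBORObject cborAttestation;
            try
            {
                cborAttestation = CBORObject.DecodeFromBytes(attestationBytes);
            }
            catch (CBORException ex)
            {
                // The decoder's exception is kept as InnerException for diagnosis; the outward message stays generic.
                throw new Fido2VerificationException("AttestationObject invalid CBOR", ex);
            }

            // The attestation object must be a CBOR map. Check the top-level type before indexing
            // by key, so a payload that decodes to some other CBOR type is rejected with the same
            // verification exception as any other malformed input rather than surfacing as an
            // exception from the CBOR library.
            if (CBORType.Map != cborAttestation.Type ||
                null == cborAttestation["fmt"] ||
                CBORType.TextString != cborAttestation["fmt"].Type ||
                null == cborAttestation["attStmt"] ||
                CBORType.Map != cborAttestation["attStmt"].Type ||
                null == cborAttestation["authData"] ||
                CBORType.ByteString != cborAttestation["authData"].Type)
            {
                throw new Fido2VerificationException("Malformed AttestationObject");
            }

            var response = new AuthenticatorAttestationResponse(rawResponse.Response.ClientDataJson)
            {
                Raw = rawResponse,
                AttestationObject = new ParsedAttestationObject()
                {
                    Fmt      = cborAttestation["fmt"].AsString(),
                    AttStmt  = cborAttestation["attStmt"], // convert to dictionary?
                    AuthData = cborAttestation["authData"].GetByteString()
                }
            };

            return response;
        }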
예제 #4
        /// <summary>
        /// Verifies the response from the browser/authr after creating new credentials.
        /// Parses the raw attestation response and hands it to
        /// <c>AuthenticatorAttestationResponse.VerifyAsync</c> together with this instance's
        /// <c>_config</c> and <c>_metadataService</c>.
        /// </summary>
        /// <param name="attestationResponse">Raw response as received from the client; treated as untrusted input by <c>Parse</c>.</param>
        /// <param name="origChallenge">The create options originally issued to the client; forwarded to <c>VerifyAsync</c>.</param>
        /// <param name="isCredentialIdUniqueToUser">Callback forwarded to <c>VerifyAsync</c> (presumably used to confirm the credential id is not already registered — see that method).</param>
        /// <param name="requestTokenBindingId">Optional token-binding id of the request; forwarded to <c>VerifyAsync</c>.</param>
        /// <param name="cancellationToken">Propagated to <c>VerifyAsync</c>; not observed directly here.</param>
        /// <returns>
        /// A <see cref="CredentialMakeResult"/> whose status is always "ok" and whose result is the
        /// value returned by <c>VerifyAsync</c>. As the todo notes, failures are not reported through
        /// the status/error message: <c>Parse</c> throws <c>Fido2VerificationException</c> on malformed
        /// input, and verification errors surface as exceptions from <c>VerifyAsync</c>.
        /// </returns>
        public async Task<CredentialMakeResult> MakeNewCredentialAsync(
            AuthenticatorAttestationRawResponse attestationResponse,
            CredentialCreateOptions origChallenge,
            IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
            byte[]? requestTokenBindingId = null,
            CancellationToken cancellationToken = default)
        {
            var attestation = AuthenticatorAttestationResponse.Parse(attestationResponse);

            var verification = await attestation.VerifyAsync(
                origChallenge,
                _config,
                isCredentialIdUniqueToUser,
                _metadataService,
                requestTokenBindingId,
                cancellationToken);

            // todo: Set Errormessage etc.
            var result = new CredentialMakeResult(
                status: "ok",
                errorMessage: string.Empty,
                result: verification);

            return result;
        }