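        /// <summary>
        /// Builds a self-signed X.509 certificate for the credential public key carried in
        /// <paramref name="result"/>, valid from now for <paramref name="expirationDate"/>.
        /// </summary>
        /// <param name="result">Verification result whose <c>PublicKeyPem</c> becomes the certificate's key.
        /// May be null; the PEM is then handed to the certificate builder as null.</param>
        /// <param name="rpName">Relying-party name handed to the certificate builder.</param>
        /// <param name="userName">User name handed to the certificate builder.</param>
        /// <param name="expirationDate">Validity period, measured from the current time.</param>
        /// <returns>The certificate produced by <c>CryptoBC.CreateSelfSignedCertificate</c>.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="expirationDate"/> is zero or negative, which would produce a certificate that is
        /// already expired when it is created.
        /// </exception>
        public X509Certificate2 CreateSelfSignedCertificate(Result result, string rpName, string userName, TimeSpan expirationDate)
        {
            if (expirationDate <= TimeSpan.Zero)
            {
                throw new ArgumentOutOfRangeException(nameof(expirationDate), expirationDate, "Certificate validity period must be positive.");
            }

            // X.509 validity times are UTC. DateTime.Now is local time; a builder that does not
            // convert it would shift notBefore/notAfter by the machine's UTC offset, which east of
            // UTC leaves the certificate "not yet valid" for the first hours of its life.
            DateTime notBefore = DateTime.UtcNow;
            DateTime notAfter = notBefore + expirationDate;

            // A null result yields a null PEM; whether that is accepted is decided by the builder.
            string publicKeyPem = result?.PublicKeyPem;

            return CryptoBC.CreateSelfSignedCertificate(publicKeyPem, rpName, userName, "g.FIDO2.Util", "AttestationVerifier", notBefore, notAfter);
        }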
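        /// <summary>
        /// Decodes the authenticator data of <paramref name="att"/> and, when the attestation
        /// statement carries a signature, verifies it against either the attestation certificate
        /// (x5c) or the credential's own public key (self attestation).
        /// </summary>
        /// <param name="challenge">The challenge the signature is expected to cover; passed to <c>VerifyPublicKey</c> unchanged.</param>
        /// <param name="att">Parsed attestation object. Its AuthData is decoded unconditionally.</param>
        /// <returns>
        /// A <see cref="Result"/> whose CredentialID and PublicKeyPem are always taken from the decoded
        /// authenticator data, and whose IsSuccess is assigned only when a signature was actually checked.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="att"/> is null.</exception>
        protected Result Verify(byte[] challenge, Attestation att)
        {
            if (att == null)
            {
                throw new ArgumentNullException(nameof(att));
            }

            var result = new Result();

            // Always decode the authenticator data: the credential id and public key are returned
            // to the caller regardless of whether any signature is (or can be) verified below.
            var decodedAuthData = new DecodedAuthData();
            decodedAuthData.Decode(att.AuthData);
            result.CredentialID = decodedAuthData.CredentialId;
            result.PublicKeyPem = decodedAuthData.PublicKeyPem;

            if (att.AttStmtX5c != null)
            {
                // Attestation with an x5c certificate (attCA).
                // NOTE(review): only the signature is checked here. Within this method the
                // certificate is taken at face value — no chain is built to a trusted root and the
                // certificate requirements of WebAuthn §8.2.1 are not checked — so IsSuccess means
                // "signed by the key in the supplied certificate", not "attested by a trusted
                // authenticator". Callers that need the latter must validate the chain themselves.
                var certPem = DerConverter.ToPemCertificate(att.AttStmtX5c);
                var attestationKeyPem = CryptoBC.GetPublicKeyPEMfromCert(certPem);
                if (!string.IsNullOrEmpty(attestationKeyPem))
                {
                    // AttStmtSig is not null-checked on this path; VerifyPublicKey decides how a null signature is treated.
                    result.IsSuccess = VerifyPublicKey(attestationKeyPem, challenge, att.AuthData, att.AttStmtSig);
                }
            }
            else if (att.AttStmtAlg != 0 && att.AttStmtSig != null)
            {
                // Self attestation: the signature is produced with the credential key pair itself
                // rather than an attestation key pair.
                // NOTE(review): WebAuthn §8.2 (packed, self attestation) also requires that the
                // statement's alg match the algorithm of the credential public key; that comparison
                // is not performed here, so such a mismatch goes undetected.
                if (!string.IsNullOrEmpty(result.PublicKeyPem))
                {
                    result.IsSuccess = VerifyPublicKey(result.PublicKeyPem, challenge, att.AuthData, att.AttStmtSig);
                }
            }

            // TODO: Implement check for ECDAA attestation
            // 8.2 https://www.w3.org/TR/webauthn/#packed-attestation

            return result;
        }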