public bool AuthenticateUser(string userName, string deviceResponse) { if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse)) return false; User user = _userRepository.FindUser(userName); if (user == null) return false; AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson<AuthenticateResponse>(deviceResponse); var device = user.DeviceRegistrations.FirstOrDefault(f=> f.KeyHandle.SequenceEqual(Utils.Base64StringToByteArray(authenticateResponse.KeyHandle))); if (device == null || user.AuthenticationRequest == null) return false; // User will have a authentication request for each device they have registered so get the one that matches the device key handle AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First(f => f.KeyHandle.Equals(authenticateResponse.KeyHandle)); DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, Convert.ToUInt32(device.Counter)); StartedAuthentication authentication = new StartedAuthentication(authenticationRequest.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle); U2F.FinishAuthentication(authentication, authenticateResponse, registration); _userRepository.RemoveUsersAuthenticationRequests(user.Name); _userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter); return true; }
public bool AuthenticateUser(string userName, string deviceResponse) { if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse)) return false; User user = _userRepository.FindUser(userName); if (user == null) return false; AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson<AuthenticateResponse>(deviceResponse); var device = user.DeviceRegistrations.FirstOrDefault(); if (device == null || user.AuthenticationRequest == null) return false; DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter); StartedAuthentication authentication = new StartedAuthentication(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId, user.AuthenticationRequest.KeyHandle); U2F.FinishAuthentication(authentication, authenticateResponse, registration); _userRepository.RemoveUsersAuthenticationRequest(user.Name); _userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter); return true; }
public void StartedAuthentication_Equals() { StartedAuthentication sameStartedAuthentication = new StartedAuthentication( TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL, TestConts.KEY_HANDLE_BASE64); StartedAuthentication startedAuthentication = StartedAuthentication.FromJson<StartedAuthentication>(JsonData); Assert.IsTrue(startedAuthentication.Equals(sameStartedAuthentication)); }
public void Setup() { StartedAuthentication startedAuthentication = new StartedAuthentication(TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL, TestConts.KEY_HANDLE_BASE64); _authenticateResponse = new AuthenticateResponse(TestConts.CLIENT_DATA_AUTHENTICATE_BASE64, TestConts.SIGN_RESPONSE_DATA_BASE64, TestConts.KEY_HANDLE_BASE64); clientData = _authenticateResponse.GetClientData(); clientData.CheckContent(AuthenticateTyp, startedAuthentication.Challenge, null); }
/** * Finishes a previously started authentication. * * @param startedAuthentication * @param response the response from the token/client. * @return the new value of the DeviceRegistration's counter. */ public static void FinishAuthentication(StartedAuthentication startedAuthentication, AuthenticateResponse response, DeviceRegistration deviceRegistration, HashSet<String> facets = null) { ClientData clientData = response.GetClientData(); clientData.CheckContent(AuthenticateTyp, startedAuthentication.Challenge, facets); RawAuthenticateResponse authenticateResponse = RawAuthenticateResponse.FromBase64(response.SignatureData); authenticateResponse.CheckSignature(startedAuthentication.AppId, clientData.AsJson(), deviceRegistration.PublicKey); authenticateResponse.CheckUserPresence(); deviceRegistration.CheckAndUpdateCounter(authenticateResponse.Counter); }
public void StartedAuthentication_ConstructsProperly() { StartedAuthentication startedAuthentication = new StartedAuthentication( TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL, TestConts.KEY_HANDLE_BASE64); Assert.IsNotNull(startedAuthentication); Assert.IsNotNull(startedAuthentication.Version); Assert.IsNotNull(startedAuthentication.ToJson()); Assert.IsTrue(startedAuthentication.GetHashCode() != 0); Assert.AreEqual(TestConts.APP_ID_ENROLL, startedAuthentication.AppId); Assert.AreEqual(TestConts.KEY_HANDLE_BASE64, startedAuthentication.KeyHandle); Assert.AreEqual(TestConts.SERVER_CHALLENGE_SIGN_BASE64, startedAuthentication.Challenge); }
public void U2F_FinishAuthentication() { StartedAuthentication startedAuthentication = new StartedAuthentication( TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_SIGN_ID, TestConts.KEY_HANDLE_BASE64); AuthenticateResponse authenticateResponse = new AuthenticateResponse( TestConts.CLIENT_DATA_AUTHENTICATE_BASE64, TestConts.SIGN_RESPONSE_DATA_BASE64, TestConts.KEY_HANDLE_BASE64); DeviceRegistration deviceRegistration = new DeviceRegistration(TestConts.KEY_HANDLE_BASE64_BYTE, TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX, Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE), 0); uint orginalValue = deviceRegistration.Counter; U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration); Assert.IsTrue(deviceRegistration.Counter != 0); Assert.AreNotEqual(orginalValue, deviceRegistration.Counter); }
public override bool Equals(Object obj) { if (this == obj) { return(true); } if (obj == null) { return(false); } if (GetType() != obj.GetType()) { return(false); } StartedAuthentication other = (StartedAuthentication)obj; if (AppId == null) { if (other.AppId != null) { return(false); } } else if (!AppId.Equals(other.AppId)) { return(false); } if (Challenge == null) { if (other.Challenge != null) { return(false); } } else if (!Challenge.Equals(other.Challenge)) { return(false); } if (KeyHandle == null) { if (other.KeyHandle != null) { return(false); } } else if (!KeyHandle.Equals(other.KeyHandle)) { return(false); } if (Version == null) { if (other.Version != null) { return(false); } } else if (!Version.Equals(other.Version)) { return(false); } return(true); }
private void CreateResponses() { _startedRegistration = new StartedRegistration(TestConts.SERVER_CHALLENGE_REGISTER_BASE64, TestConts.APP_ID_ENROLL); _registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64); _deviceRegistration = new DeviceRegistration( TestConts.KEY_HANDLE_BASE64_BYTE, TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX, Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE), 0); _authenticateResponse = new AuthenticateResponse( TestConts.CLIENT_DATA_AUTHENTICATE_BASE64, TestConts.SIGN_RESPONSE_DATA_BASE64, TestConts.KEY_HANDLE_BASE64); _startedAuthentication = new StartedAuthentication( TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_SIGN_ID, TestConts.KEY_HANDLE_BASE64); }