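        /// <summary>
        /// Runs the "none"-format registration (attestation) fixtures through Parse and
        /// VerifyAsync, then loads the matching assertion fixtures. The assertion itself is
        /// not verified yet (see the TODO at the end); only deserialisation is checked.
        /// </summary>
        public async Task TestFido2AssertionAsync()
        {
            CredentialCreateOptions options = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./AttestationNoneOptions.json"));
            AuthenticatorAttestationRawResponse response = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./AttestationNoneResponse.json"));

            Assert.NotNull(options);
            Assert.NotNull(response);

            // No explicit assertion on the result: a failed attestation is expected to surface
            // as an exception from VerifyAsync. The uniqueness callback always answers "unique".
            AuthenticatorAttestationResponse parsed = AuthenticatorAttestationResponse.Parse(response);
            await parsed.VerifyAsync(options, "https://localhost:44329", (x) => Task.FromResult(true), MetadataService, null);

            // Assertion fixtures. These are only loaded and checked for deserialisation; the
            // signature over the assertion is not validated here.
            AssertionOptions aoptions = Get<AssertionOptions>("./assertionNoneOptions.json");
            AuthenticatorAssertionRawResponse aresponse = Get<AuthenticatorAssertionRawResponse>("./assertionNoneResponse.json");

            Assert.NotNull(aoptions);
            Assert.NotNull(aresponse);

            // TODO: complete the assertion half of the test — verify aresponse against aoptions
            // (allowed credential id, origin, signature and counter) using the public key
            // produced by the registration above. The previously commented-out key blobs and the
            // unused allow-list were removed; rebuild the allow-list from the registration result
            // when this is implemented.
        }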
 /// <summary>
 /// Round-trips a "none"-format attestation through Parse and VerifyAsync using the
 /// configuration, expected origin and metadata service held by the fixture.
 /// There is no explicit assertion: a failure is expected to surface as an exception
 /// from VerifyAsync. The uniqueness callback always answers "unique".
 /// </summary>
 public async Task TestNoneAttestationAsync()
 {
     string resultJson = File.ReadAllText("./attestationResultsNone.json");
     AuthenticatorAttestationRawResponse rawResponse = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(resultJson);

     string optionsJson = File.ReadAllText("./attestationOptionsNone.json");
     CredentialCreateOptions options = JsonConvert.DeserializeObject<CredentialCreateOptions>(optionsJson);

     AuthenticatorAttestationResponse parsed = AuthenticatorAttestationResponse.Parse(rawResponse);
     await parsed.VerifyAsync(_config, options, _expectedOrigin, (x) => Task.FromResult(true), _metadataService, null);
 }
 /// <summary>
 /// Round-trips a "none"-format attestation through Parse and VerifyAsync against the
 /// fixed test origin "https://localhost:44329" and the fixture's MetadataService.
 /// There is no explicit assertion: a failure is expected to surface as an exception
 /// from VerifyAsync. The uniqueness callback always answers "unique".
 /// </summary>
 public async Task TestNoneAttestationAsync()
 {
     AuthenticatorAttestationRawResponse rawResponse =
         JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsNone.json"));
     CredentialCreateOptions createOptions =
         JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsNone.json"));

     AuthenticatorAttestationResponse parsed = AuthenticatorAttestationResponse.Parse(rawResponse);
     await parsed.VerifyAsync(createOptions, "https://localhost:44329", (x) => Task.FromResult(true), MetadataService, null);
 }
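        /// <summary>
        /// Verifies a "packed"-format attestation produced with a 512-bit hash against the
        /// fixed test origin. No metadata service is supplied (null), so no authenticator
        /// metadata checks take part in this test. A failed attestation is expected to
        /// surface as an exception from VerifyAsync; the parsed authenticator data is then
        /// asserted to be present instead of being read into an unused local.
        /// </summary>
        public async Task TaskPackedAttestation512()
        {
            var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsPacked512.json"));
            var options  = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsPacked512.json"));

            Assert.NotNull(jsonPost);
            Assert.NotNull(options);

            var o = AuthenticatorAttestationResponse.Parse(jsonPost);
            // Uniqueness callback always answers "unique"; metadata service intentionally null.
            await o.VerifyAsync(options, "https://localhost:44329", (x) => Task.FromResult(true), null, null);

            // Previously `byte[] ad = o.AttestationObject.AuthData;` with no use of `ad`.
            Assert.NotNull(o.AttestationObject.AuthData);
            Assert.NotEmpty(o.AttestationObject.AuthData);
        }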
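        /// <summary>
        /// Verifies an "android-key"-format attestation using the fixture's configuration and
        /// MetadataService. A failed attestation is expected to surface as an exception from
        /// VerifyAsync; the parsed authenticator data is then asserted to be present instead
        /// of being read into an unused local.
        /// </summary>
        public async Task TestAndroidKeyAttestationAsync()
        {
            var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationAndroidKeyResponse.json"));
            var options  = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationAndroidKeyOptions.json"));

            Assert.NotNull(jsonPost);
            Assert.NotNull(options);

            var o = AuthenticatorAttestationResponse.Parse(jsonPost);
            // Uniqueness callback always answers "unique".
            await o.VerifyAsync(options, config, (x) => Task.FromResult(true), MetadataService, null);

            // Previously `byte[] ad = o.AttestationObject.AuthData;` with no use of `ad`.
            Assert.NotNull(o.AttestationObject.AuthData);
            Assert.NotEmpty(o.AttestationObject.AuthData);
        }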
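        /// <summary>
        /// Verifies a "packed"-format attestation produced with a 512-bit hash using the
        /// fixture's configuration and metadata service. A failed attestation is expected to
        /// surface as an exception from VerifyAsync; the parsed authenticator data is then
        /// asserted to be present, which answers the earlier "why read ad?" TODO.
        /// </summary>
        public async Task TaskPackedAttestation512()
        {
            var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsPacked512.json"));
            var options  = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsPacked512.json"));

            Assert.NotNull(jsonPost);
            Assert.NotNull(options);

            var o = AuthenticatorAttestationResponse.Parse(jsonPost);
            // Uniqueness callback always answers "unique".
            await o.VerifyAsync(options, _config, (x) => Task.FromResult(true), _metadataService, null);

            // Previously `byte[] ad = o.AttestationObject.AuthData;` with no use of `ad`.
            Assert.NotNull(o.AttestationObject.AuthData);
            Assert.NotEmpty(o.AttestationObject.AuthData);
        }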
        /// <summary>
        /// Deserialises the generic "json1"/"options1" fixtures, checks the raw response was
        /// produced, then runs Parse and VerifyAsync with the fixture's configuration and
        /// metadata service. A verification failure is expected to surface as an exception.
        /// </summary>
        public async Task TestParsingAsync()
        {
            string responseJson = File.ReadAllText("./json1.json");
            string optionsJson  = File.ReadAllText("./options1.json");

            AuthenticatorAttestationRawResponse rawResponse = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(responseJson);
            CredentialCreateOptions createOptions = JsonConvert.DeserializeObject<CredentialCreateOptions>(optionsJson);

            Assert.NotNull(rawResponse);

            AuthenticatorAttestationResponse parsed = AuthenticatorAttestationResponse.Parse(rawResponse);
            // Uniqueness callback always answers "unique".
            await parsed.VerifyAsync(createOptions, _config, (x) => Task.FromResult(true), _metadataService, null);
        }
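        /// <summary>
        /// Verifies a "tpm"-format attestation (SHA-256 variant) using the fixture's
        /// configuration, expected origin and metadata service. A failed attestation is
        /// expected to surface as an exception from VerifyAsync; the parsed authenticator
        /// data is then asserted to be present, which answers the earlier "why read ad?" TODO.
        /// </summary>
        public async Task TestTPMSHA256AttestationAsync()
        {
            var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationTPMSHA256Response.json"));
            var options  = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationTPMSHA256Options.json"));

            Assert.NotNull(jsonPost);
            Assert.NotNull(options);

            var o = AuthenticatorAttestationResponse.Parse(jsonPost);
            // Uniqueness callback always answers "unique".
            await o.VerifyAsync(_config, options, _expectedOrigin, (x) => Task.FromResult(true), _metadataService, null);

            // Previously `byte[] ad = o.AttestationObject.AuthData;` with no use of `ad`.
            Assert.NotNull(o.AttestationObject.AuthData);
            Assert.NotEmpty(o.AttestationObject.AuthData);
        }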
        /// <summary>
        /// Parsing a raw response whose AttestationObject is <paramref name="value"/> must fail
        /// with a <see cref="Fido2VerificationException"/> whose message is exactly
        /// "Missing AttestationObject".
        /// </summary>
        /// <param name="value">The AttestationObject bytes under test, presumably supplied by a
        /// data attribute that is outside this listing.</param>
        public void TestAuthenticatorAttestationReponseAttestationObjectNull(byte[] value)
        {
            var responseData = new AuthenticatorAttestationRawResponse.ResponseData
            {
                AttestationObject = value,
            };
            var rawResponse = new AuthenticatorAttestationRawResponse { Response = responseData };

            Fido2VerificationException thrown = Assert.Throws<Fido2VerificationException>(
                () => AuthenticatorAttestationResponse.Parse(rawResponse));

            Assert.Equal("Missing AttestationObject", thrown.Message);
        }
        /// <summary>
        /// A raw response with a valid type and id but a null <c>Response</c> must be rejected
        /// by Parse with a <see cref="Fido2VerificationException"/> whose message is exactly
        /// "Expected rawResponse, got null".
        /// </summary>
        public void TestAuthenticatorAttestationResponseNull()
        {
            byte[] credentialId = { 0xf1, 0xd0 };

            var rawResponse = new AuthenticatorAttestationRawResponse
            {
                Type     = PublicKeyCredentialType.PublicKey,
                Id       = credentialId,
                RawId    = credentialId,
                Response = null,
            };

            Fido2VerificationException thrown = Assert.Throws<Fido2VerificationException>(
                () => AuthenticatorAttestationResponse.Parse(rawResponse));

            Assert.Equal("Expected rawResponse, got null", thrown.Message);
        }
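        /// <summary>
        /// Verifies an "apple"-format attestation. The fixture was captured against the origin
        /// "https://6cc3c9e7967a.ngrok.io", so a dedicated <see cref="Fido2Configuration"/> with
        /// that origin is used instead of the fixture-wide one; origin mismatch would otherwise
        /// fail verification. A failed attestation is expected to surface as an exception from
        /// VerifyAsync; the parsed authenticator data is then asserted to be present, which
        /// answers the earlier "why read ad?" TODO.
        /// </summary>
        public async Task TestAppleAttestationAsync()
        {
            var jsonPost = JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationAppleResponse.json"));
            var options  = JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationAppleOptions.json"));

            Assert.NotNull(jsonPost);
            Assert.NotNull(options);

            var o      = AuthenticatorAttestationResponse.Parse(jsonPost);
            var config = new Fido2Configuration {
                Origin = "https://6cc3c9e7967a.ngrok.io"
            };
            // Uniqueness callback always answers "unique".
            await o.VerifyAsync(options, config, (x) => Task.FromResult(true), _metadataService, null);

            // Previously `byte[] ad = o.AttestationObject.AuthData;` with no use of `ad`.
            Assert.NotNull(o.AttestationObject.AuthData);
            Assert.NotEmpty(o.AttestationObject.AuthData);
        }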
        /// <summary>
        /// Verifies a "packed"-format attestation with the fixture's configuration and metadata
        /// service, then checks that the authenticator data and the attested credential data it
        /// contains both survive a parse → ToByteArray round trip byte-for-byte.
        /// </summary>
        public async Task TestPackedAttestationAsync()
        {
            AuthenticatorAttestationRawResponse rawResponse =
                JsonConvert.DeserializeObject<AuthenticatorAttestationRawResponse>(File.ReadAllText("./attestationResultsPacked.json"));
            CredentialCreateOptions createOptions =
                JsonConvert.DeserializeObject<CredentialCreateOptions>(File.ReadAllText("./attestationOptionsPacked.json"));

            AuthenticatorAttestationResponse parsed = AuthenticatorAttestationResponse.Parse(rawResponse);
            // Uniqueness callback always answers "unique".
            await parsed.VerifyAsync(createOptions, _config, (x) => Task.FromResult(true), _metadataService, null);

            // Authenticator data round trip.
            byte[] authDataBytes = parsed.AttestationObject.AuthData;
            var    authData      = new AuthenticatorData(authDataBytes);
            Assert.True(authDataBytes.SequenceEqual(authData.ToByteArray()));

            // Attested credential data round trip.
            byte[] acdBytes = authData.AttestedCredentialData.ToByteArray();
            var    acd      = new AttestedCredentialData(acdBytes);
            Assert.True(acdBytes.SequenceEqual(acd.ToByteArray()));
        }
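        /// <summary>
        /// Parsing a raw response whose AttestationObject is malformed CBOR must fail with a
        /// <see cref="Fido2VerificationException"/> ("AttestationObject invalid CBOR") that wraps
        /// the underlying <see cref="CborContentException"/> describing the length overrun.
        /// </summary>
        /// <param name="value">The malformed AttestationObject bytes, presumably supplied by a
        /// data attribute that is outside this listing.</param>
        public void TestAuthenticatorAttestationObjectBadCBOR(byte[] value)
        {
            var rawResponse = new AuthenticatorAttestationRawResponse
            {
                Response = new AuthenticatorAttestationRawResponse.ResponseData()
                {
                    AttestationObject = value,
                }
            };

            var ex = Assert.Throws<Fido2VerificationException>(() => AuthenticatorAttestationResponse.Parse(rawResponse));

            Assert.Equal("AttestationObject invalid CBOR", ex.Message);

            // Assert.IsType instead of a hard cast: a missing or differently-typed inner exception
            // now reports a clear assertion failure rather than a NullReferenceException /
            // InvalidCastException from the test itself.
            var innerEx = Assert.IsType<CborContentException>(ex.InnerException);

            Assert.Equal("Declared definite length of CBOR data item exceeds available buffer size.", innerEx.Message);
        }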
        /// <summary>
        /// Passing a null raw response to Parse must be rejected with a
        /// <see cref="Fido2VerificationException"/> whose message is exactly
        /// "Expected rawResponse, got null".
        /// </summary>
        public void TestAuthenticatorAttestationRawResponseNull()
        {
            Fido2VerificationException thrown =
                Assert.Throws<Fido2VerificationException>(() => AuthenticatorAttestationResponse.Parse(null));

            Assert.Equal("Expected rawResponse, got null", thrown.Message);
        }
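        /// <summary>
        /// Completes a FIDO2 registration: verifies the authenticator's attestation response
        /// against the options previously stored in the session and persists the resulting
        /// credential for the signed-in user, enabling two-factor on that user.
        /// </summary>
        /// <param name="model">The raw attestation response posted by the browser.</param>
        /// <returns>
        /// <c>{ success: true }</c> on success; <c>{ error: true }</c> when the options are
        /// missing, verification fails or persistence fails; a redirect to Home/Index when no
        /// signed-in user can be resolved from the "sub" claim.
        /// </returns>
        public async Task<IActionResult> RegisterCallback([FromBody] AuthenticatorAttestationRawResponse model)
        {
            var sub = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;

            if (string.IsNullOrEmpty(sub))
            {
                return RedirectToAction("Index", "Home");
            }
            var user = await _users.FindByIdAsync(sub);

            if (user is null)
            {
                return RedirectToAction("Index", "Home");
            }

            try
            {
                // 1. get the options we sent the client (a missing/expired session value makes
                //    FromJson fail and is reported through the generic error response below)
                var jsonOptions       = HttpContext.Session.GetString("fido2.attestationOptions");
                var options           = CredentialCreateOptions.FromJson(jsonOptions);
                var authenticatorName = HttpContext.Session.GetString("fido2.attestationOptions.authenticatorType");

                // 2. Create callback so that lib can verify credential id is unique to this user.
                //    Any() stops at the first match instead of counting every row.
                //    NOTE(review): SequenceEqual inside the predicate may not translate to SQL and
                //    could be evaluated client-side over the whole table — confirm with the EF provider.
                IsCredentialIdUniqueToUserAsyncDelegate callback = (IsCredentialIdUniqueToUserParams args) =>
                {
                    bool alreadyRegistered = _authContext.FidoLogins.Any(l => l.PublicKeyIdBytes.SequenceEqual(args.CredentialId));
                    return Task.FromResult(!alreadyRegistered);
                };

                // 3. Verify and make the credentials. Nothing below inspects a status on the result,
                //    so a failed attestation is presumed to throw here — confirm against the library.
                var success = await _lib.MakeNewCredentialAsync(model, options, callback);

                var dbUser = _authContext.Users.First(x => x.Id == user.Id);
                dbUser.TwoFactorEnabled = true;
                var login = new FidoLogin()
                {
                    PublicKeyIdBytes  = success.Result.CredentialId,
                    PublicKeyId       = Fido2NetLib.Base64Url.Encode(success.Result.CredentialId),
                    AaGuid            = success.Result.Aaguid.ToString(),
                    PublicKey         = success.Result.PublicKey,
                    SignatureCounter  = success.Result.Counter,
                    CredType          = success.Result.CredType,
                    // NOTE(review): local time is persisted; consider DateTime.UtcNow if this
                    // column is compared across hosts or time zones.
                    RegistrationDate  = DateTime.Now,
                    User              = dbUser,
                    UserHandle        = success.Result.User.Id,
                    AuthenticatorName = authenticatorName
                };
                _authContext.FidoLogins.Add(login);
                await _authContext.SaveChangesAsync();

                // 4. return "ok" to the client
                return Json(new { success = true });
            }
            catch (Exception)
            {
                // Intentionally generic: the client only learns that registration failed, and no
                // exception detail leaves the server. TODO: log the exception server-side so
                // rejected attestations remain diagnosable.
                return Json(new { error = true });
            }
        }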
        /// <summary>
        /// Builds the server-side attestation result request from a parsed attestation
        /// response: the attestation object, client data JSON and credential id are each
        /// base64-encoded via <c>ByteUtils.ByteToBase64</c>, and the type is always "public-key".
        /// </summary>
        /// <param name="authenticatorAttestationResponse">The parsed attestation response to convert.</param>
        /// <returns>A populated <see cref="ServerAttestationResultRequest"/>.</returns>
        public static ServerAttestationResultRequest ConvertToServerAttestationResultRequest(AuthenticatorAttestationResponse authenticatorAttestationResponse)
        {
            var responsePart = new ServerAttestationResultResponseRequest
            {
                AttestationObject = ByteUtils.ByteToBase64(authenticatorAttestationResponse.GetAttestationObject()),
                ClientDataJSON    = ByteUtils.ByteToBase64(authenticatorAttestationResponse.GetClientDataJson()),
            };

            return new ServerAttestationResultRequest
            {
                Response = responsePart,
                Id       = ByteUtils.ByteToBase64(authenticatorAttestationResponse.GetCredentialId()),
                Type     = "public-key",
            };
        }