Exemplo n.º 1
0
        /// <summary>
        /// Build the request for Regist a New FIDO2 Key using FIDO2
        /// </summary>
        public static PublicKeyCredentialCreationOptions ParsePublicKeyCredentialCreationOptions(Fido2RegistrationChallengeResponse data)
        {
            if (data == null)
            {
                return(null);
            }

            PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();
            if (data.Challenge != null && data.Challenge.Length > 0)
            {
                // Challenge to be sign
                builder.SetChallenge(CoreHelpers.Base64UrlDecode(data.Challenge));
            }
            if (data.ExcludeCredentials != null && data.ExcludeCredentials.Count > 0)
            {
                // List of FIDO2 Keys that already are registered to the user and shouldn't be excluded of registering again
                builder.SetExcludeList(ParseCredentialDescriptors(data.ExcludeCredentials));
            }
            if (data.Timeout > 0)
            {
                // temp limit to regist a new key
                builder.SetTimeoutSeconds((Java.Lang.Double)data.Timeout);
            }
            if (data.User != null)
            {
                // User information
                builder.SetUser(ParseUser(data.User));
            }
            if (data.Rp != null)
            {
                // Server information
                builder.SetRp(ParseRp(data.Rp));
            }
            if (data.PubKeyCredParams != null)
            {
                //Algorithm information
                builder.SetParameters(ParseParameters(data.PubKeyCredParams));
            }
            if (data.AuthenticatorSelection != null)
            {
                // Options of regist selected
                builder.SetAuthenticatorSelection(ParseSelection(data.AuthenticatorSelection));
            }
            if (data.attestation != null)
            {
                // It is how the signature is given, anonymously or direct.
                //Skip
            }
            if (data.Extensions != null)
            {
                // Adicional parameter to improve even more the security
                //Skip
            }
            return(builder.Build());
        }
Exemplo n.º 2
0
        /// <summary>
        /// Build the request for Regist a New FIDO2 Key using FIDO2
        /// </summary>
        public static PublicKeyCredentialCreationOptions ParsePublicKeyCredentialCreationOptions(Dictionary <string, object> data)
        {
            PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();
            foreach (KeyValuePair <string, object> entry in data)
            {
                switch (entry.Key)
                {
                case "user":     // User information
                    builder.SetUser(ParseUser((Dictionary <string, string>)entry.Value));
                    break;

                case "challenge":     // Challenge to be sign
                    builder.SetChallenge(CoreHelpers.Base64UrlDecode((string)entry.Value));
                    break;

                case "pubKeyCredParams":     //Algorithm information
                    builder.SetParameters(ParseParameters((List <Dictionary <string, object> >)entry.Value));
                    break;

                case "authenticatorSelection":     // Options of regist selected
                    builder.SetAuthenticatorSelection(ParseSelection((Dictionary <string, string>)entry.Value));
                    break;

                case "excludeCredentials":     // List of FIDO2 Keys that already are registered to the user and shouldn't be excluded of registering again
                    builder.SetExcludeList(ParseCredentialDescriptors((List <Dictionary <string, object> >)entry.Value));
                    break;

                case "rpId":     // Server ID information
                    builder.SetRp(new PublicKeyCredentialRpEntity((string)entry.Value, null, null));
                    break;

                case "rp":     // Server information
                    builder.SetRp(ParseRp((Dictionary <string, string>)entry.Value));
                    break;

                case "timeout":     // temp limit to regist a new key
                    builder.SetTimeoutSeconds((Java.Lang.Double)(double) entry.Value);
                    break;

                case "userVerification":     // Require that user has to verify before using FIDO2
                    //Skip
                    break;

                case "attestation":     //It is how the signature is given, anonymously or direct.
                    //Skip
                    break;
                }
            }
            return(builder.Build());
        }
        public static PublicKeyCredentialCreationOptions ConvertToPublicKeyCredentialCreationOptions(IFido2Client fido2Client,
                                                                                                     ServerPublicKeyCredentialCreationOptionsResponse response)
        {
            PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();

            string name = response.Rp.Name;
            PublicKeyCredentialRpEntity entity = new PublicKeyCredentialRpEntity(name, name, null);

            builder.SetRp(entity);

            string id = response.User.Id;

            try
            {
                builder.SetUser(new PublicKeyCredentialUserEntity(id, System.Text.Encoding.UTF8.GetBytes(id)));
            }
            catch (UnsupportedEncodingException e)
            {
                Log.Error(Tag, e.Message, e);
            }

            builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge));

            if (response.PubKeyCredParams != null)
            {
                List <PublicKeyCredentialParameters>  parameters = new List <PublicKeyCredentialParameters>();
                ServerPublicKeyCredentialParameters[] serverPublicKeyCredentialParameters = response.PubKeyCredParams;
                foreach (ServerPublicKeyCredentialParameters param in serverPublicKeyCredentialParameters)
                {
                    try
                    {
                        PublicKeyCredentialParameters parameter = new PublicKeyCredentialParameters(
                            PublicKeyCredentialType.PublicKey, Algorithm.FromCode(param.Alg));
                        parameters.Add(parameter);
                    }
                    catch (System.Exception e)
                    {
                        Log.Error(Tag, e.Message, e);
                    }
                }
                builder.SetPubKeyCredParams(parameters);
            }

            if (response.ExcludeCredentials != null)
            {
                List <PublicKeyCredentialDescriptor>  descriptors       = new List <PublicKeyCredentialDescriptor>();
                ServerPublicKeyCredentialDescriptor[] serverDescriptors = response.ExcludeCredentials;
                foreach (ServerPublicKeyCredentialDescriptor desc in serverDescriptors)
                {
                    List <AuthenticatorTransport> transports = new List <AuthenticatorTransport>();
                    if (desc.Transports != null)
                    {
                        try
                        {
                            transports.Add(AuthenticatorTransport.FromValue(desc.Transports));
                        }
                        catch (System.Exception e)
                        {
                            Log.Error(Tag, e.Message, e);
                        }
                    }
                    PublicKeyCredentialDescriptor descriptor = new PublicKeyCredentialDescriptor(
                        PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(desc.Id), transports);
                    descriptors.Add(descriptor);
                }
                builder.SetExcludeList(descriptors);
            }

            Attachment attachment = null;

            if (response.AuthenticatorSelection != null)
            {
                ServerAuthenticatorSelectionCriteria selectionCriteria = response.AuthenticatorSelection;
                if (selectionCriteria.AuthenticatorAttachment != null)
                {
                    try
                    {
                        attachment = Attachment.FromValue(selectionCriteria.AuthenticatorAttachment);
                    }
                    catch (System.Exception e)
                    {
                        Log.Error(Tag, e.Message, e);
                    }
                }

                bool residentKey = selectionCriteria.IsRequireResidentKey;

                UserVerificationRequirement requirement = null;
                if (selectionCriteria.UserVerification != null)
                {
                    try
                    {
                        requirement = UserVerificationRequirement.FromValue(selectionCriteria.UserVerification);
                    }
                    catch (System.Exception e)
                    {
                        Log.Error(Tag, e.Message, e);
                    }
                }

                AuthenticatorSelectionCriteria fido2Selection =
                    new AuthenticatorSelectionCriteria(attachment, (Java.Lang.Boolean)residentKey, requirement);
                builder.SetAuthenticatorSelection(fido2Selection);
            }

            // attestation
            if (response.Attestation != null)
            {
                try
                {
                    AttestationConveyancePreference preference =
                        AttestationConveyancePreference.FromValue(response.Attestation);
                    builder.SetAttestation(preference);
                }
                catch (System.Exception e)
                {
                    Log.Error(Tag, e.Message, e);
                }
            }

            Dictionary <string, Java.Lang.Object> extensions = new Dictionary <string, Java.Lang.Object>();

            if (response.Extensions != null)
            {
                extensions.AddRangeOverride(response.Extensions);
            }

            // Specify a platform authenticator and related extension items. You can specify a platform
            // authenticator or not as needed.
            if (Attachment.Platform.Equals(attachment))
            {
                UseSelectedPlatformAuthenticator(fido2Client, extensions);
            }
            builder.SetExtensions(extensions);
            builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout);
            return(builder.Build());
        }