public void Serialize()
{
var clientData = new FidoClientData
{
Challenge = "challenge",
Origin = "http://example.com",
Type = "sometype"
};
var serialized = clientData.ToJson();
var jsonObject = JObject.Parse(serialized);
var properties = jsonObject.Properties().ToLookup(x => x.Name.ToLowerInvariant(), x => x.Value.ToString());
Assert.AreEqual("challenge", properties["challenge"].Single());
Assert.AreEqual("http://example.com", properties["origin"].Single());
Assert.AreEqual("sometype", properties["typ"].Single());
}
public static FidoClientData FromJson(string json)
{
if (json == null)
{
throw new ArgumentNullException("json");
}
var element = JObject.Parse(json);
if (element == null)
{
throw new InvalidOperationException("Client data must be in JSON format");
}
JToken type, challenge, orgin;
if (!element.TryGetValue("typ", out type))
{
throw new InvalidOperationException("Client data is missing 'typ' param");
}
if (!element.TryGetValue("challenge", out challenge))
{
throw new InvalidOperationException("Client data is missing 'challenge' param");
}
var clientData = new FidoClientData
{
_overriddenRawJsonValue = json,
Type = type.ToString(),
Challenge = challenge.ToString()
};
if (element.TryGetValue("origin", out orgin))
{
clientData.Origin = orgin.ToString();
}
return(clientData);
}
public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
{
ClientData = clientData;
SignatureData = signatureData;
KeyHandle = keyHandle;
}
public static FidoClientData FromJson(string json)
{
if (json == null) throw new ArgumentNullException("json");
var element = JObject.Parse(json);
if (element == null)
throw new InvalidOperationException("Client data must be in JSON format");
JToken type, challenge, orgin;
if (!element.TryGetValue("typ", out type))
throw new InvalidOperationException("Client data is missing 'typ' param");
if (!element.TryGetValue("challenge", out challenge))
throw new InvalidOperationException("Client data is missing 'challenge' param");
var clientData = new FidoClientData
{
_overriddenRawJsonValue = json,
Type = type.ToString(),
Challenge = challenge.ToString()
};
if (element.TryGetValue("origin", out orgin))
clientData.Origin = orgin.ToString();
return clientData;
}
private void VerifyResponseSignature(FidoAppId appId, FidoRegistrationData registrationData, FidoClientData clientData)
{
if (appId == null) throw new ArgumentNullException("appId");
if (registrationData == null) throw new ArgumentNullException("registrationData");
if (clientData == null) throw new ArgumentNullException("clientData");
if (String.IsNullOrEmpty(clientData.RawJsonValue))
throw new InvalidOperationException("Client data has no JSON representation");
var signedBytes = PackBytes(
new byte[] { 0 },
Helpers.Sha256(appId.ToString()),
Helpers.Sha256(clientData.RawJsonValue),
registrationData.KeyHandle.ToByteArray(),
registrationData.UserPublicKey.ToByteArray());
VerifySignature(registrationData.AttestationCertificate, registrationData.Signature, signedBytes);
}
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData,
FidoDeviceRegistration deviceRegistration)
{
if (appId == null) throw new ArgumentNullException("appId");
if (signatureData == null) throw new ArgumentNullException("signatureData");
if (clientData == null) throw new ArgumentNullException("clientData");
if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration");
if (String.IsNullOrEmpty(clientData.RawJsonValue))
throw new InvalidOperationException("Client data has no JSON representation");
var counterBytes = BitConverter.GetBytes(signatureData.Counter);
if (BitConverter.IsLittleEndian)
Array.Reverse(counterBytes);
var signedBytes = PackBytes(
Helpers.Sha256(appId.ToString()),
new [] { signatureData.UserPresence },
counterBytes,
Helpers.Sha256(clientData.RawJsonValue));
VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);
if (signatureData.UserPresence != UserPresentFlag)
throw new InvalidOperationException("User presence invalid during authentication");
}
private static void ExpectClientDataType(FidoClientData clientData, string expectedType)
{
if (clientData.Type == expectedType) return;
var message = String.Format("Unexpected type in client data (expected '{0}' but was '{1}')",
expectedType, clientData.Type);
throw new InvalidOperationException(message);
}
public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
{
ClientData = clientData;
SignatureData = signatureData;
KeyHandle = keyHandle;
}