/// <summary>
/// Build the request for Regist a New FIDO2 Key using FIDO2
/// </summary>
public static PublicKeyCredentialCreationOptions ParsePublicKeyCredentialCreationOptions(Fido2RegistrationChallengeResponse data)
{
if (data == null)
{
return(null);
}
PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();
if (data.Challenge != null && data.Challenge.Length > 0)
{
// Challenge to be sign
builder.SetChallenge(CoreHelpers.Base64UrlDecode(data.Challenge));
}
if (data.ExcludeCredentials != null && data.ExcludeCredentials.Count > 0)
{
// List of FIDO2 Keys that already are registered to the user and shouldn't be excluded of registering again
builder.SetExcludeList(ParseCredentialDescriptors(data.ExcludeCredentials));
}
if (data.Timeout > 0)
{
// temp limit to regist a new key
builder.SetTimeoutSeconds((Java.Lang.Double)data.Timeout);
}
if (data.User != null)
{
// User information
builder.SetUser(ParseUser(data.User));
}
if (data.Rp != null)
{
// Server information
builder.SetRp(ParseRp(data.Rp));
}
if (data.PubKeyCredParams != null)
{
//Algorithm information
builder.SetParameters(ParseParameters(data.PubKeyCredParams));
}
if (data.AuthenticatorSelection != null)
{
// Options of regist selected
builder.SetAuthenticatorSelection(ParseSelection(data.AuthenticatorSelection));
}
if (data.attestation != null)
{
// It is how the signature is given, anonymously or direct.
//Skip
}
if (data.Extensions != null)
{
// Adicional parameter to improve even more the security
//Skip
}
return(builder.Build());
}
/// <summary>
/// Build the request for Regist a New FIDO2 Key using FIDO2
/// </summary>
public static PublicKeyCredentialCreationOptions ParsePublicKeyCredentialCreationOptions(Dictionary <string, object> data)
{
PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();
foreach (KeyValuePair <string, object> entry in data)
{
switch (entry.Key)
{
case "user": // User information
builder.SetUser(ParseUser((Dictionary <string, string>)entry.Value));
break;
case "challenge": // Challenge to be sign
builder.SetChallenge(CoreHelpers.Base64UrlDecode((string)entry.Value));
break;
case "pubKeyCredParams": //Algorithm information
builder.SetParameters(ParseParameters((List <Dictionary <string, object> >)entry.Value));
break;
case "authenticatorSelection": // Options of regist selected
builder.SetAuthenticatorSelection(ParseSelection((Dictionary <string, string>)entry.Value));
break;
case "excludeCredentials": // List of FIDO2 Keys that already are registered to the user and shouldn't be excluded of registering again
builder.SetExcludeList(ParseCredentialDescriptors((List <Dictionary <string, object> >)entry.Value));
break;
case "rpId": // Server ID information
builder.SetRp(new PublicKeyCredentialRpEntity((string)entry.Value, null, null));
break;
case "rp": // Server information
builder.SetRp(ParseRp((Dictionary <string, string>)entry.Value));
break;
case "timeout": // temp limit to regist a new key
builder.SetTimeoutSeconds((Java.Lang.Double)(double) entry.Value);
break;
case "userVerification": // Require that user has to verify before using FIDO2
//Skip
break;
case "attestation": //It is how the signature is given, anonymously or direct.
//Skip
break;
}
}
return(builder.Build());
}
public static PublicKeyCredentialCreationOptions ConvertToPublicKeyCredentialCreationOptions(IFido2Client fido2Client,
ServerPublicKeyCredentialCreationOptionsResponse response)
{
PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();
string name = response.Rp.Name;
PublicKeyCredentialRpEntity entity = new PublicKeyCredentialRpEntity(name, name, null);
builder.SetRp(entity);
string id = response.User.Id;
try
{
builder.SetUser(new PublicKeyCredentialUserEntity(id, System.Text.Encoding.UTF8.GetBytes(id)));
}
catch (UnsupportedEncodingException e)
{
Log.Error(Tag, e.Message, e);
}
builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge));
if (response.PubKeyCredParams != null)
{
List <PublicKeyCredentialParameters> parameters = new List <PublicKeyCredentialParameters>();
ServerPublicKeyCredentialParameters[] serverPublicKeyCredentialParameters = response.PubKeyCredParams;
foreach (ServerPublicKeyCredentialParameters param in serverPublicKeyCredentialParameters)
{
try
{
PublicKeyCredentialParameters parameter = new PublicKeyCredentialParameters(
PublicKeyCredentialType.PublicKey, Algorithm.FromCode(param.Alg));
parameters.Add(parameter);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
builder.SetPubKeyCredParams(parameters);
}
if (response.ExcludeCredentials != null)
{
List <PublicKeyCredentialDescriptor> descriptors = new List <PublicKeyCredentialDescriptor>();
ServerPublicKeyCredentialDescriptor[] serverDescriptors = response.ExcludeCredentials;
foreach (ServerPublicKeyCredentialDescriptor desc in serverDescriptors)
{
List <AuthenticatorTransport> transports = new List <AuthenticatorTransport>();
if (desc.Transports != null)
{
try
{
transports.Add(AuthenticatorTransport.FromValue(desc.Transports));
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
PublicKeyCredentialDescriptor descriptor = new PublicKeyCredentialDescriptor(
PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(desc.Id), transports);
descriptors.Add(descriptor);
}
builder.SetExcludeList(descriptors);
}
Attachment attachment = null;
if (response.AuthenticatorSelection != null)
{
ServerAuthenticatorSelectionCriteria selectionCriteria = response.AuthenticatorSelection;
if (selectionCriteria.AuthenticatorAttachment != null)
{
try
{
attachment = Attachment.FromValue(selectionCriteria.AuthenticatorAttachment);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
bool residentKey = selectionCriteria.IsRequireResidentKey;
UserVerificationRequirement requirement = null;
if (selectionCriteria.UserVerification != null)
{
try
{
requirement = UserVerificationRequirement.FromValue(selectionCriteria.UserVerification);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
AuthenticatorSelectionCriteria fido2Selection =
new AuthenticatorSelectionCriteria(attachment, (Java.Lang.Boolean)residentKey, requirement);
builder.SetAuthenticatorSelection(fido2Selection);
}
// attestation
if (response.Attestation != null)
{
try
{
AttestationConveyancePreference preference =
AttestationConveyancePreference.FromValue(response.Attestation);
builder.SetAttestation(preference);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
Dictionary <string, Java.Lang.Object> extensions = new Dictionary <string, Java.Lang.Object>();
if (response.Extensions != null)
{
extensions.AddRangeOverride(response.Extensions);
}
// Specify a platform authenticator and related extension items. You can specify a platform
// authenticator or not as needed.
if (Attachment.Platform.Equals(attachment))
{
UseSelectedPlatformAuthenticator(fido2Client, extensions);
}
builder.SetExtensions(extensions);
builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout);
return(builder.Build());
}