/// <summary>
/// GetAllUserRegistrations method implementation
/// </summary>
internal static RegistrationList GetAllUserRegistrations(DataOrderObject order, bool enabledonly = false)
{
EnsureService();
return(RuntimeRepository.GetAllUserRegistrations(Config, order, enabledonly));
}
/// <summary>
/// DisableUserRegistration method implementation
/// </summary>
internal static Registration DisableUserRegistration(Registration reg)
{
EnsureService();
return(RuntimeRepository.DisableUserRegistration(Config, reg));
}
/// <summary>
/// GetUserRegistrations method implementation
/// </summary>
internal static RegistrationList GetUserRegistrations(DataFilterObject filter, DataOrderObject order, DataPagingObject paging)
{
EnsureService();
return(RuntimeRepository.GetUserRegistrations(Config, filter, order, paging));
}
/// <summary>
/// AddUserRegistration method implementation
/// </summary>
internal static Registration AddUserRegistration(Registration reg, bool resetkey = true, bool canupdate = true, bool email = false)
{
EnsureService();
return(RuntimeRepository.AddUserRegistration(Config, reg, resetkey, canupdate, email));
}
/// <summary>
/// DeleteUserRegistration method implementation
/// </summary>
internal static bool DeleteUserRegistration(Registration reg, bool dropkey = true)
{
EnsureService();
return(RuntimeRepository.DeleteUserRegistration(Config, reg, dropkey));
}
/// <summary>
/// GetUserRegistration method implementation
/// </summary>
internal static Registration GetUserRegistration(string upn)
{
EnsureService();
return(RuntimeRepository.GetUserRegistration(Config, upn));
}
/// <summary>
/// SetUserRegistration method implementation
/// </summary>
internal static Registration SetUserRegistration(Registration reg, bool resetkey = false, bool caninsert = true, bool email = false)
{
EnsureService();
return(RuntimeRepository.SetUserRegistration(Config, reg, resetkey, caninsert, email));
}
/// <summary>
/// GetEncodedUserKey method implmentation
/// </summary>
internal static string NewUserKey(string upn)
{
EnsureService();
return(RuntimeRepository.NewUserKey(Config, upn));
}
/// <summary>
/// GetUserRegistrationsCount method implementation
/// </summary>
internal static int GetUserRegistrationsCount(DataFilterObject filter)
{
EnsureService();
return(RuntimeRepository.GetMFAUsersCount(Config, filter));
}
/// <summary>
/// DisableUserRegistration method implementation
/// </summary>
internal static MFAUser DisableUserRegistration(MFAUser reg)
{
EnsureService();
return(RuntimeRepository.DisableMFAUser(Config, reg));
}
/// <summary>
/// SetLoginAssertionResult method implementation
/// </summary>
private int SetLoginAssertionResult(AuthenticationContext ctx, string jsonResponse)
{
try
{
string jsonOptions = ctx.AssertionOptions;
if (string.IsNullOrEmpty(jsonOptions))
{
throw new ArgumentNullException(jsonOptions);
}
if (string.IsNullOrEmpty(jsonResponse))
{
throw new ArgumentNullException(jsonResponse);
}
MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, ctx.UPN);
if (user != null)
{
AssertionOptions options = AssertionOptions.FromJson(jsonOptions);
AuthenticatorAssertionRawResponse clientResponse = JsonConvert.DeserializeObject <AuthenticatorAssertionRawResponse>(jsonResponse);
// AuthData Flags
byte flag = clientResponse.Response.AuthenticatorData[32];
var userpresent = (flag & (1 << 0)) != 0;
var userverified = (flag & (1 << 2)) != 0;
var attestedcred = (flag & (1 << 6)) != 0;
var hasextenddata = (flag & (1 << 7)) != 0;
MFAUserCredential creds = RuntimeRepository.GetCredentialById(Config, user, clientResponse.Id);
if (creds == null)
{
throw new Exception("Unknown credentials");
}
uint storedCounter = creds.SignatureCounter;
bool callback(IsUserHandleOwnerOfCredentialIdParams args)
{
var storedCreds = RuntimeRepository.GetCredentialsByUserHandle(Config, user, args.UserHandle);
return(storedCreds.Exists(c => c.Descriptor.Id.SequenceEqual(args.CredentialId)));
}
AssertionVerificationResult res = _webathn.SetAssertionResult(clientResponse, options, creds.PublicKey, storedCounter, callback);
RuntimeRepository.UpdateCounter(Config, user, res.CredentialId, res.Counter);
if (!userpresent || !userverified)
{
switch (creds.CredType)
{
case "none":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.None));
break;
case "android-key":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.AndroidKey));
break;
case "android-safetynet":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.AndroidSafetyNet));
break;
case "fido-u2f":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.Fido2U2f));
break;
case "packed":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.Packed));
break;
case "tpm":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.TPM));
break;
case "apple":
ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.Apple));
break;
default:
ctx.PinRequirements = false;
break;
}
}
else
{
ctx.PinRequirements = false;
}
return((int)AuthenticationResponseKind.Biometrics);
}
else
{
Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "User does not exists !"), System.Diagnostics.EventLogEntryType.Error, 5000);
return((int)AuthenticationResponseKind.Error);
}
}
catch (Exception e)
{
Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), System.Diagnostics.EventLogEntryType.Error, 5000);
return((int)AuthenticationResponseKind.Error);
}
}
/// <summary>
/// GetRegisterCredentialOptions method implementation
/// </summary>
private string GetRegisterCredentialOptions(AuthenticationContext ctx)
{
try
{
if (string.IsNullOrEmpty(ctx.UPN))
{
throw new ArgumentNullException(ctx.UPN);
}
string attType = this.ConveyancePreference; // none, direct, indirect
string authType = this.Attachement; // <empty>, platform, cross-platform
string userVerification = this.UserVerificationRequirement; // preferred, required, discouraged
bool requireResidentKey = this.RequireResidentKey; // true,false
MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, ctx.UPN);
if (user != null)
{
List <MFAPublicKeyCredentialDescriptor> existingKeys = RuntimeRepository.GetCredentialsByUser(Config, user).Select(c => c.Descriptor).ToList();
// 3. Create options
AuthenticatorSelection authenticatorSelection = new AuthenticatorSelection
{
RequireResidentKey = requireResidentKey,
UserVerification = userVerification.ToEnum <UserVerificationRequirement>()
};
if (!string.IsNullOrEmpty(authType))
{
authenticatorSelection.AuthenticatorAttachment = authType.ToEnum <AuthenticatorAttachment>();
}
AuthenticationExtensionsClientInputs exts = new AuthenticationExtensionsClientInputs()
{
Extensions = this.Extentions,
UserVerificationIndex = this.UserVerificationIndex,
Location = this.Location,
UserVerificationMethod = this.UserVerificationMethod,
BiometricAuthenticatorPerformanceBounds = new AuthenticatorBiometricPerfBounds
{
FAR = float.MaxValue,
FRR = float.MaxValue
}
};
RegisterCredentialOptions options = _webathn.GetRegisterCredentialOptions(user.ToCore(), existingKeys.ToCore(), authenticatorSelection, attType.ToEnum <AttestationConveyancePreference>(), exts);
string result = options.ToJson();
ctx.CredentialOptions = result;
return(result);
}
else
{
Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "User does not exists !"), System.Diagnostics.EventLogEntryType.Error, 5000);
return((new RegisterCredentialOptions {
Status = "error", ErrorMessage = string.Format("{0}", "User does not exists !")
}).ToJson());
}
}
catch (Exception e)
{
Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), System.Diagnostics.EventLogEntryType.Error, 5000);
return((new RegisterCredentialOptions {
Status = "error", ErrorMessage = string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "")
}).ToJson());
}
}
