/// <summary>
/// Builds a registration data object from its four already-parsed parts.
/// </summary>
/// <param name="userPublicKey">Value stored in <c>UserPublicKey</c>.</param>
/// <param name="keyHandle">Value stored in <c>KeyHandle</c>.</param>
/// <param name="attestationCertificate">Value stored in <c>AttestationCertificate</c>.</param>
/// <param name="signature">Value stored in <c>Signature</c>.</param>
private FidoRegistrationData(
    FidoPublicKey userPublicKey,
    FidoKeyHandle keyHandle,
    FidoAttestationCertificate attestationCertificate,
    FidoSignature signature)
{
    // No validation is done here: every argument is stored exactly as it was passed in.
    this.UserPublicKey = userPublicKey;
    this.KeyHandle = keyHandle;
    this.AttestationCertificate = attestationCertificate;
    this.Signature = signature;
}
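/// <summary>
/// Parses raw registration data from <paramref name="stream"/>. The layout read here is:
/// one reserved byte, a 65-byte public key, a one-byte key handle length, the key handle,
/// the attestation certificate and, in whatever bytes remain, the signature.
/// </summary>
/// <param name="stream">
/// Source of the registration data. It must report <c>Length</c> and allow <c>Position</c> to be
/// set, because both are used to locate the certificate and the signature. The stream is closed
/// when this method returns, since the <see cref="BinaryReader"/> wrapping it is disposed.
/// </param>
/// <returns>The parsed registration data.</returns>
/// <exception cref="ArgumentNullException"><paramref name="stream"/> is null.</exception>
/// <exception cref="EndOfStreamException">The stream is empty (the reserved byte is read outside the wrapping try block).</exception>
/// <exception cref="InvalidOperationException">
/// The reserved byte has the wrong value, the data is truncated, or any later parsing step fails.
/// </exception>
private static FidoRegistrationData FromStream(Stream stream)
{
    if (stream == null)
    {
        throw new ArgumentNullException("stream");
    }

    const int publicKeyLength = 65;

    using (var binaryReader = new BinaryReader(stream))
    {
        var reservedByte = binaryReader.ReadByte();
        if (reservedByte != RegistrationReservedByte)
        {
            throw new InvalidOperationException(String.Format(
                "Incorrect value of reserved byte (expected: 0x{0:X2} but was: 0x{1:X1})",
                RegistrationReservedByte, reservedByte));
        }

        try
        {
            // ReadBytes returns fewer bytes than requested at end of stream instead of throwing,
            // so every fixed-size or length-prefixed field is checked explicitly. This input comes
            // from the client and must not be accepted when truncated.
            var publicKeyBytes = binaryReader.ReadBytes(publicKeyLength);
            if (publicKeyBytes.Length != publicKeyLength)
            {
                throw new EndOfStreamException("Registration data is truncated inside the public key");
            }

            var keyHandleLength = binaryReader.ReadByte();
            var keyHandleBytes = binaryReader.ReadBytes(keyHandleLength);
            if (keyHandleBytes.Length != keyHandleLength)
            {
                throw new EndOfStreamException("Registration data is truncated inside the key handle");
            }

            // The certificate carries no length prefix here: hand everything that is left to the
            // certificate parser, then use the size of the parsed certificate to find the signature.
            var certificatePosition = binaryReader.BaseStream.Position;
            var nextChunkSize = (int)(binaryReader.BaseStream.Length - certificatePosition);
            var certBytes = binaryReader.ReadBytes(nextChunkSize);
            var certificate = new FidoAttestationCertificate(certBytes);

            // NOTE(review): this assumes the re-encoded certificate is exactly as long as the
            // certificate bytes in the input; confirm that holds for every encoding the parser accepts,
            // otherwise the signature offset below is wrong.
            var certSize = certificate.Certificate.GetEncoded().Length;
            binaryReader.BaseStream.Position = certificatePosition + certSize;

            nextChunkSize = (int)(binaryReader.BaseStream.Length - binaryReader.BaseStream.Position);
            var signatureBytes = binaryReader.ReadBytes(nextChunkSize);

            return new FidoRegistrationData(
                new FidoPublicKey(publicKeyBytes),
                new FidoKeyHandle(keyHandleBytes),
                certificate,
                new FidoSignature(signatureBytes));
        }
        catch (Exception ex)
        {
            // Every parsing failure is reported as one exception type, with the cause kept as InnerException.
            var message = String.Format("Error parsing registration data ({0})", ex.Message);
            throw new InvalidOperationException(message, ex);
        }
    }
}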
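/// <summary>
/// Checks that <paramref name="signature"/> is a valid "SHA-256withECDSA" signature over
/// <paramref name="signedBytes"/> under the public key of <paramref name="certificate"/>.
/// Returns normally only when the signature verifies.
/// </summary>
/// <param name="certificate">Attestation certificate whose public key is used for verification.</param>
/// <param name="signature">Signature to check.</param>
/// <param name="signedBytes">The exact bytes the signature is expected to cover.</param>
/// <exception cref="InvalidOperationException">
/// The signature does not verify, or verification could not be carried out at all
/// (for example a null argument or a malformed key or signature).
/// </exception>
private void VerifySignature(FidoAttestationCertificate certificate, FidoSignature signature, byte[] signedBytes)
{
    bool signatureIsValid;

    try
    {
        var certPublicKey = certificate.Certificate.GetPublicKey();
        var signer = SignerUtilities.GetSigner("SHA-256withECDSA");

        // false selects verification mode rather than signing mode.
        signer.Init(false, certPublicKey);
        signer.BlockUpdate(signedBytes, 0, signedBytes.Length);

        signatureIsValid = signer.VerifySignature(signature.ToByteArray());
    }
    catch (Exception ex)
    {
        // Fail closed: anything that prevents verification counts as an invalid signature.
        // The cause is kept as InnerException for diagnostics.
        throw new InvalidOperationException("Invalid signature", ex);
    }

    // VerifySignature returns true for a good signature, so the rejection must be on false.
    // Rejecting on true would accept forged signatures and refuse genuine ones.
    if (!signatureIsValid)
    {
        throw new InvalidOperationException("Invalid signature");
    }
}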
/// <summary>
/// Creates a device registration record from a key handle, a public key, an attestation
/// certificate and a counter value.
/// </summary>
/// <param name="keyHandle">Stored in <c>KeyHandle</c>; must not be null.</param>
/// <param name="publicKey">Stored in <c>PublicKey</c>; must not be null.</param>
/// <param name="certificate">Stored in <c>Certificate</c>; must not be null.</param>
/// <param name="counter">Stored in <c>Counter</c> as given.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="keyHandle"/>, <paramref name="publicKey"/> or <paramref name="certificate"/> is null.
/// </exception>
public FidoDeviceRegistration(
    FidoKeyHandle keyHandle,
    FidoPublicKey publicKey,
    FidoAttestationCertificate certificate,
    uint counter)
{
    // All three reference arguments are validated before any member is assigned.
    if (keyHandle == null)
    {
        throw new ArgumentNullException("keyHandle");
    }

    if (publicKey == null)
    {
        throw new ArgumentNullException("publicKey");
    }

    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    this.KeyHandle = keyHandle;
    this.PublicKey = publicKey;
    this.Certificate = certificate;
    this.Counter = counter;
}
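/// <summary>
/// Reads an attestation certificate from the current JSON token by passing the token's text to
/// <c>FidoAttestationCertificate.FromWebSafeBase64</c>.
/// </summary>
/// <param name="reader">Reader positioned on the token that holds the certificate text.</param>
/// <param name="objectType">Not used.</param>
/// <param name="existingValue">Not used.</param>
/// <param name="serializer">Not used.</param>
/// <returns>The certificate produced by <c>FromWebSafeBase64</c>.</returns>
/// <exception cref="InvalidOperationException">The current token carries no value.</exception>
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
    // The JSON being read is supplied from outside, so a token without a value is rejected
    // with an explicit error instead of surfacing as a NullReferenceException from ToString().
    var tokenValue = reader.Value;
    if (tokenValue == null)
    {
        throw new InvalidOperationException("Attestation certificate value is missing");
    }

    return FidoAttestationCertificate.FromWebSafeBase64(tokenValue.ToString());
}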