Base64Url Id instead of byte[] #586

Open
wants to merge 1 commit into
base: master
2 changes: 1 addition & 1 deletion BlazorWasmDemo/Server/Controllers/UserController.cs
Expand Up @@ -265,7 +265,7 @@ public async Task<string> MakeAssertionAsync([FromBody] AuthenticatorAssertionRa
_pendingAssertions.Remove(key);

// 2. Get registered credential from database
var creds = _demoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");

// 3. Make the assertion
var res = await _fido2.MakeAssertionAsync(new MakeAssertionParams
2 changes: 1 addition & 1 deletion Demo/Controller.cs
Expand Up @@ -194,7 +194,7 @@ public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRaw
var options = AssertionOptions.FromJson(jsonOptions);

// 2. Get registered credential from database
var creds = DemoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
var creds = DemoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");

// 3. Get credential counter from database
var storedCounter = creds.SignCount;
2 changes: 1 addition & 1 deletion Demo/TestController.cs
Expand Up @@ -181,7 +181,7 @@ public async Task<JsonResult> MakeAssertionTestAsync([FromBody] AuthenticatorAss
var options = AssertionOptions.FromJson(jsonOptions);

// 2. Get registered credential from database
var creds = _demoStorage.GetCredentialById(clientResponse.Id);
var creds = _demoStorage.GetCredentialById(clientResponse.RawId);

// 3. Get credential counter from database
var storedCounter = creds.SignCount;
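Review bot: The changed lookup `_demoStorage.GetCredentialById(clientResponse.RawId)` can return null for an unknown credential id (the other two demo controllers in this PR guard the same call with `?? throw`), yet the next statement dereferences `creds.SignCount` unconditionally, so an attacker-chosen `rawId` surfaces as a NullReferenceException instead of a controlled failure. Mirroring the sibling controllers keeps the demos consistent: `var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");`. The missing guard predates this PR, but the line is being rewritten anyway. MakeAssertionTestAsync begins before and continues past this hunk.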
3 changes: 1 addition & 2 deletions Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs
Expand Up @@ -12,9 +12,8 @@ namespace Fido2NetLib;
/// </summary>
public class AuthenticatorAssertionRawResponse
{
[JsonConverter(typeof(Base64UrlConverter))]
[JsonPropertyName("id"), Required]
public byte[] Id { get; init; }
public string Id { get; init; }

// might be wrong to base64url encode this...
[JsonConverter(typeof(Base64UrlConverter))]
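Review bot: Removing the Base64UrlConverter from `Id` means the client's `id` field is no longer validated at deserialization: any string is accepted, including one that is not base64url or that does not encode `RawId`, and nothing in this PR compares the two. WebAuthn defines `id` as the base64url encoding of `rawId`, so the property should state which value is authoritative now that the library's verification reads only `RawId`; a doc comment such as `/// Base64url encoding of <see cref="RawId"/> as sent by the client. Verification uses <see cref="RawId"/>; this string is not validated or decoded here.` makes that explicit for integrators that used to rely on `Id` being decoded bytes. Note too that `[Required]` on a non-nullable `string` is enforced only by ASP.NET model validation, not by System.Text.Json, so a missing `id` presumably deserializes to null unless the property is also marked `required` — worth confirming. The rest of the class lies outside the hunk.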
6 changes: 3 additions & 3 deletions Src/Fido2/AuthenticatorAssertionResponse.cs
Expand Up @@ -77,7 +77,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
if (options.AllowCredentials != null && options.AllowCredentials.Any())
{
// might need to transform x.Id and raw.id as described in https://www.w3.org/TR/webauthn/#publickeycredential
if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.Id)))
if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.RawId)))
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.CredentialIdNotInAllowedCredentials);
}

Expand All @@ -87,7 +87,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
if (UserHandle.Length is 0)
throw new Fido2VerificationException(Fido2ErrorMessages.UserHandleIsEmpty);

if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken) is false)
if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.RawId, UserHandle), cancellationToken) is false)
{
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.UserHandleNotOwnerOfPublicKey);
}
Expand Down Expand Up @@ -177,7 +177,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(

return new VerifyAssertionResult
{
CredentialId = Raw.Id,
CredentialId = Raw.RawId,
SignCount = authData.SignCount,
IsBackedUp = authData.IsBackedUp

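Review bot: With the allowCredentials check, the user-handle ownership check and the returned CredentialId all switched to `Raw.RawId`, the client-supplied `Raw.Id` is never consulted during verification, so an assertion whose `id` disagrees with `rawId` now passes silently. Since the spec defines `id` as base64url(`rawId`), a cheap consistency check near the top of VerifyAsync closes that gap: `if (!string.Equals(Raw.Id, Base64Url.EncodeToString(Raw.RawId), StringComparison.Ordinal)) throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.InvalidAssertionResponse);` using whichever Base64Url encoder the library already ships (the tests call Base64Url.DecodeFromChars) and an appropriate message constant. The comment above the first changed line, `// might need to transform x.Id and raw.id ...`, is stale now that both sides are raw bytes and should be reworded to `// allowCredentials ids and rawId are both raw credential-id bytes; compare directly`. VerifyAsync begins before the first hunk and continues past the last.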
36 changes: 18 additions & 18 deletions Tests/Fido2.Tests/AuthenticatorResponse.cs
Expand Up @@ -1275,7 +1275,7 @@ public void TestAuthenticatorAssertionRawResponse()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand All @@ -1301,7 +1301,7 @@ public void TestAuthenticatorAssertionRawResponse()
}
};
Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);
Assert.Equal([0xf1, 0xd0], assertionResponse.Id);
Assert.Equal("8dA", assertionResponse.Id);
Assert.Equal([0xf1, 0xd0], assertionResponse.RawId);
Assert.Equal([0xf1, 0xd0], assertionResponse.Response.AuthenticatorData);
Assert.Equal([0xf1, 0xd0], assertionResponse.Response.Signature);
Expand Down Expand Up @@ -1352,7 +1352,7 @@ public async Task TestAuthenticatorAssertionTypeNotPublicKey()
{
Response = assertion,
Type = PublicKeyCredentialType.Invalid,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -1504,7 +1504,7 @@ public async Task TestAuthenticatorAssertionRawIdMissing()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
AppID = false,
Expand Down Expand Up @@ -1579,7 +1579,7 @@ public async Task TestAuthenticatorAssertionUserHandleEmpty()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1655,7 +1655,7 @@ public async Task TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1731,7 +1731,7 @@ public async Task TestAuthenticatorAssertionTypeNotWebAuthnGet()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -1809,7 +1809,7 @@ public async Task TestAuthenticatorAssertionAppId()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1886,7 +1886,7 @@ public async Task TestAuthenticatorAssertionInvalidRpIdHash()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1964,7 +1964,7 @@ public async Task TestAuthenticatorAssertionUPRequirementNotMet()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2041,7 +2041,7 @@ public async Task TestAuthenticatorAssertionUVPolicyNotMet()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2116,7 +2116,7 @@ public async Task TestAuthenticatorAssertionBEPolicyRequired()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -2192,7 +2192,7 @@ public async Task TestAuthenticatorAssertionBEPolicyDisallow()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2268,7 +2268,7 @@ public async Task TestAuthenticatorAssertionBSPolicyRequired()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2344,7 +2344,7 @@ public async Task TestAuthenticatorAssertionBSPolicyDisallow()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2421,7 +2421,7 @@ public async Task TestAuthenticatorAssertionStoredPublicKeyMissing()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -2497,7 +2497,7 @@ public async Task TestAuthenticatorAssertionInvalidSignature()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -2580,7 +2580,7 @@ public async Task TestAuthenticatorAssertionSignCountSignature()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
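Review bot: Every fixture in this file sets `Id = "8dA"`, which is indeed the base64url encoding of `RawId = [0xf1, 0xd0]`, so the suite only exercises the consistent case; with the converter removed from `Id`, nothing rejects an `id` that is not base64url or that does not match `rawId`, and no test pins whichever behavior is intended. One extra fixture with `Id = "AAAA"` alongside `RawId = [0xf1, 0xd0]`, asserting either a Fido2VerificationException or a successful result, would record that decision and guard it against regression. The assertions in TestAuthenticatorAssertionRawResponse otherwise look correct for the new string type.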
5 changes: 3 additions & 2 deletions Tests/Fido2.Tests/ExistingU2fRegistrationDataTests.cs
Expand Up @@ -14,7 +14,8 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
{
// u2f registration with appId
var appId = "https://localhost:44336";
var keyHandleData = Base64Url.DecodeFromChars("2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw");
var keyHandleB64Data = "2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw";
var keyHandleData = Base64Url.DecodeFromChars(keyHandleB64Data);
var publicKeyData = Base64Url.DecodeFromChars("BEKJkJiDzo8wlrYbAHmyz5a5vShbkStO58ZO7F-hy4fvBp6TowCZoV2dNGcxIN1yT18799bb_WuP0Yq_DSv5a-U");

//key as cbor
Expand All @@ -36,7 +37,7 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()

var authResponse = new AuthenticatorAssertionRawResponse
{
Id = keyHandleData,
Id = keyHandleB64Data,
RawId = keyHandleData,
Type = PublicKeyCredentialType.PublicKey,
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
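Review bot: The new local `keyHandleB64Data` holds a base64url string (it contains `-` and no padding), and plain base64 versus base64url is exactly the distinction this PR is about, so the name should say so: `var keyHandleBase64Url = "2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw";` with `Id = keyHandleBase64Url`. That keeps the fixture readable for the next person wondering why the value is not padded. The test method continues past this hunk.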
2 changes: 1 addition & 1 deletion Tests/Fido2.Tests/Fido2Tests.cs
Expand Up @@ -987,7 +987,7 @@ internal static async Task<VerifyAssertionResult> MakeAssertionResponseAsync(
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
};
IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) =>