

Change Id to be received as string instead of decoded
RawId is decoded to the raw byte value, while Id is the same value in base64url-encoded form.

passwordless-lib#513
Regenhardt committed Dec 30, 2024
1 parent 9ad038b commit 71291eb
Showing 8 changed files with 29 additions and 29 deletions.
2 changes: 1 addition & 1 deletion BlazorWasmDemo/Server/Controllers/UserController.cs
Expand Up @@ -268,7 +268,7 @@ public async Task<string> MakeAssertionAsync([FromBody] AuthenticatorAssertionRa
_pendingAssertions.Remove(key);

// 2. Get registered credential from database
var creds = _demoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");

// 3. Make the assertion
var res = await _fido2.MakeAssertionAsync(
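Review bot: The rewritten lookup `var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");` still throws the base `Exception` type, so callers and the demo's error handling cannot tell an unregistered credential id apart from any other failure; the identical line appears in Demo/Controller.cs in this commit. A specific type, e.g. `?? throw new InvalidOperationException("Unknown credentials")`, or an explicit 4xx result, keeps the rejection of an unknown id distinguishable from server faults. This is demo code, so it is a style point rather than a defect in the change itself. MakeAssertionAsync starts and ends outside the hunk.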
2 changes: 1 addition & 1 deletion Demo/Controller.cs
Expand Up @@ -192,7 +192,7 @@ public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRaw
var options = AssertionOptions.FromJson(jsonOptions);

// 2. Get registered credential from database
var creds = DemoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
var creds = DemoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");

// 3. Get credential counter from database
var storedCounter = creds.SignCount;
2 changes: 1 addition & 1 deletion Demo/TestController.cs
Expand Up @@ -154,7 +154,7 @@ public async Task<JsonResult> MakeAssertionTestAsync([FromBody] AuthenticatorAss
var options = AssertionOptions.FromJson(jsonOptions);

// 2. Get registered credential from database
var creds = _demoStorage.GetCredentialById(clientResponse.Id);
var creds = _demoStorage.GetCredentialById(clientResponse.RawId);

// 3. Get credential counter from database
var storedCounter = creds.SignCount;
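Review bot: `var creds = _demoStorage.GetCredentialById(clientResponse.RawId);` has no null guard, so an assertion carrying an id that is not registered reaches `creds.SignCount` three lines later and fails with a NullReferenceException instead of an explicit rejection; the two sibling controllers changed in this commit use `?? throw` on the same call. Suggest `var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new InvalidOperationException("Unknown credentials");` so a client-supplied id that matches nothing is refused deliberately rather than by an unhandled exception (this assumes GetCredentialById returns null on a miss, which the sibling controllers' `?? throw` suggests). MakeAssertionTestAsync starts and ends outside the hunk.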
3 changes: 1 addition & 2 deletions Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs
Expand Up @@ -11,9 +11,8 @@ namespace Fido2NetLib;
/// </summary>
public class AuthenticatorAssertionRawResponse
{
[JsonConverter(typeof(Base64UrlConverter))]
[JsonPropertyName("id")]
public byte[] Id { get; set; }
public string Id { get; set; }

// might be wrong to base64url encode this...
[JsonConverter(typeof(Base64UrlConverter))]
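Review bot: `public string Id { get; set; }` now arrives undecoded, but neither it nor `RawId` carries an XML doc stating that `Id` is the base64url text form of `RawId` and that the library verifies against `RawId` only (which is what the sibling change in Src/Fido2/AuthenticatorAssertionResponse.cs does). Suggest on `Id`: `/// <summary>Credential ID as the base64url string sent by the client; informational only, verification uses <see cref="RawId"/>.</summary>`. If the project compiles with nullable reference types enabled, the non-nullable `string` with no `required` modifier or initializer will also warn, and `string?` or `required` would make the contract explicit; I cannot see the project settings from here. The `// might be wrong to base64url encode this...` comment left above the remaining converter reads as an open question and would be clearer as a statement of what the converter does or a tracked TODO. The class continues outside the hunk.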
6 changes: 3 additions & 3 deletions Src/Fido2/AuthenticatorAssertionResponse.cs
Expand Up @@ -78,7 +78,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
if (options.AllowCredentials != null && options.AllowCredentials.Any())
{
// might need to transform x.Id and raw.id as described in https://www.w3.org/TR/webauthn/#publickeycredential
if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.Id)))
if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.RawId)))
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.CredentialIdNotInAllowedCredentials);
}

Expand All @@ -88,7 +88,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
if (UserHandle.Length is 0)
throw new Fido2VerificationException(Fido2ErrorMessages.UserHandleIsEmpty);

if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken) is false)
if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.RawId, UserHandle), cancellationToken) is false)
{
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.UserHandleNotOwnerOfPublicKey);
}
Expand Down Expand Up @@ -177,7 +177,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
return new VerifyAssertionResult
{
Status = "ok",
CredentialId = Raw.Id,
CredentialId = Raw.RawId,
SignCount = authData.SignCount,
IsBackedUp = authData.IsBackedUp,
DevicePublicKey = devicePublicKeyResult,
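Review bot: After these three hunks `Raw.Id` is no longer read anywhere in VerifyAsync (the allow-list check, the user-handle ownership callback and the returned `CredentialId` all use `Raw.RawId`), so a client message whose `id` and `rawId` disagree is accepted silently. WebAuthn defines `id` as the base64url encoding of `rawId`, so the cheap defensive option is to reject the inconsistency before any signature work, e.g. `if (Raw.Id is not null && !Base64Url.Decode(Raw.Id).SequenceEqual(Raw.RawId)) throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, /* message naming the id/rawId mismatch */);` using the same `Base64Url.Decode` helper the tests in this commit call. A decode failure on a malformed `Id` should be treated as the same invalid-response case rather than surfacing as a FormatException. The context comment `// might need to transform x.Id and raw.id as described in ...` still refers to `raw.id` although the comparison now uses `Raw.RawId`, so it should be updated or removed. VerifyAsync begins and ends outside these hunks.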
36 changes: 18 additions & 18 deletions Test/AuthenticatorResponse.cs
Expand Up @@ -1232,7 +1232,7 @@ public void TestAuthenticatorAssertionRawResponse()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand All @@ -1258,7 +1258,7 @@ public void TestAuthenticatorAssertionRawResponse()
}
};
Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);
Assert.Equal([0xf1, 0xd0], assertionResponse.Id);
Assert.Equal("8dA", assertionResponse.Id);
Assert.Equal([0xf1, 0xd0], assertionResponse.RawId);
Assert.Equal([0xf1, 0xd0], assertionResponse.Response.AuthenticatorData);
Assert.Equal([0xf1, 0xd0], assertionResponse.Response.Signature);
Expand Down Expand Up @@ -1308,7 +1308,7 @@ public async Task TestAuthenticatorAssertionTypeNotPublicKey()
{
Response = assertion,
Type = PublicKeyCredentialType.Invalid,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -1446,7 +1446,7 @@ public async Task TestAuthenticatorAssertionRawIdMissing()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
AppID = false,
Expand Down Expand Up @@ -1514,7 +1514,7 @@ public async Task TestAuthenticatorAssertionUserHandleEmpty()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1583,7 +1583,7 @@ public async Task TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1652,7 +1652,7 @@ public async Task TestAuthenticatorAssertionTypeNotWebAuthnGet()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -1723,7 +1723,7 @@ public async Task TestAuthenticatorAssertionAppId()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1793,7 +1793,7 @@ public async Task TestAuthenticatorAssertionInvalidRpIdHash()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -1864,7 +1864,7 @@ public async Task TestAuthenticatorAssertionUPRequirementNotMet()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -1934,7 +1934,7 @@ public async Task TestAuthenticatorAssertionUVPolicyNotMet()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2002,7 +2002,7 @@ public async Task TestAuthenticatorAssertionBEPolicyRequired()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -2071,7 +2071,7 @@ public async Task TestAuthenticatorAssertionBEPolicyDisallow()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2140,7 +2140,7 @@ public async Task TestAuthenticatorAssertionBSPolicyRequired()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2209,7 +2209,7 @@ public async Task TestAuthenticatorAssertionBSPolicyDisallow()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
{
Expand Down Expand Up @@ -2279,7 +2279,7 @@ public async Task TestAuthenticatorAssertionStoredPublicKeyMissing()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -2348,7 +2348,7 @@ public async Task TestAuthenticatorAssertionInvalidSignature()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
Expand Down Expand Up @@ -2424,7 +2424,7 @@ public async Task TestAuthenticatorAssertionSignCountSignature()
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
{
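Review bot: The literal `"8dA"` is now repeated in eighteen fixtures next to `RawId = [0xf1, 0xd0]`, and nothing in these hunks asserts that the string is the base64url form of that byte pair or that a JSON payload with a plain-string `id` still deserializes now that the `Base64UrlConverter` attribute on `Id` is gone (such a test may exist outside the hunks). A shared constant such as `private const string TestCredentialIdB64 = "8dA"; // base64url of [0xf1, 0xd0]` would keep the two representations from drifting apart, and one deserialization test of `AuthenticatorAssertionRawResponse` from JSON would cover the converter removal directly. The enclosing test methods all start and end outside their hunks.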
5 changes: 3 additions & 2 deletions Test/ExistingU2fRegistrationDataTests.cs
Expand Up @@ -13,7 +13,8 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
{
// u2f registration with appId
var appId = "https://localhost:44336";
var keyHandleData = Base64Url.Decode("2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw");
var keyHandleB64Data = "2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw";
var keyHandleData = Base64Url.Decode(keyHandleB64Data);
var publicKeyData = Base64Url.Decode("BEKJkJiDzo8wlrYbAHmyz5a5vShbkStO58ZO7F-hy4fvBp6TowCZoV2dNGcxIN1yT18799bb_WuP0Yq_DSv5a-U");

//key as cbor
Expand All @@ -35,7 +36,7 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()

var authResponse = new AuthenticatorAssertionRawResponse
{
Id = keyHandleData,
Id = keyHandleB64Data,
RawId = keyHandleData,
Type = PublicKeyCredentialType.PublicKey,
ClientExtensionResults = new AuthenticationExtensionsClientOutputs
2 changes: 1 addition & 1 deletion Test/Fido2Tests.cs
Expand Up @@ -921,7 +921,7 @@ internal static async Task<VerifyAssertionResult> MakeAssertionResponseAsync(
{
Response = assertion,
Type = PublicKeyCredentialType.PublicKey,
Id = [0xf1, 0xd0],
Id = "8dA",
RawId = [0xf1, 0xd0],
};
IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) =>
