From a40803ee01fb50f0a56d930073720ee60901ae85 Mon Sep 17 00:00:00 2001
From: Dain Nilsson
Date: Tue, 5 Nov 2024 16:21:07 +0100
Subject: [PATCH] Support NFC in sign_arkg
---
 examples/sign_arkg.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/examples/sign_arkg.py b/examples/sign_arkg.py
index 56513e3..541ba22 100644
--- a/examples/sign_arkg.py
+++ b/examples/sign_arkg.py
@@ -43,6 +43,7 @@
 try:
 from fido2.pcsc import CtapPcscDevice
+ from smartcard.Exceptions import CardConnectionException
 except ImportError:
 CtapPcscDevice = None
@@ -70,6 +71,7 @@ def request_uv(self, permissions, rd_id):
 uv = "discouraged"
 rk = "discouraged"
+pcsc = False
 if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
 # Use the Windows WebAuthn API if available, and we're not running as admin
@@ -83,6 +85,8 @@ def request_uv(self, permissions, rd_id):
 user_interaction=CliInteraction(),
 )
 if "sign" in client.info.extensions:
+ if isinstance(dev, CtapPcscDevice):
+ pcsc = True
 break
 else:
 print("No Authenticator with the sign extension found!")
@@ -153,6 +157,32 @@ def request_uv(self, permissions, rd_id):
 # Prepare parameters for getAssertion
 request_options, state = server.authenticate_begin(credentials, user_verification=uv)
+
+# NFC devices need to be removed and replaced to again trigger UV
+if pcsc:
+ print("Remove the Authenticator from the NFC reader...")
+ while True:
+ try:
+ dev.get_atr()
+ except CardConnectionException:
+ dev.close()
+ break
+
+ print("Now place the Authenticator back on the reader...")
+ while True:
+ for dev in CtapPcscDevice.list_devices():
+ client = Fido2Client(
+ dev,
+ "https://example.com",
+ user_interaction=CliInteraction(),
+ )
+ if "sign" in client.info.extensions:
+ break
+ else:
+ continue
+ break
+
+
 # Authenticate the credential
 result = client.get_assertion(
 {
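Review bot: The added `isinstance(dev, CtapPcscDevice)` check in the third hunk raises TypeError when the PC/SC import fails, because the `except ImportError` fallback shown in the first hunk sets `CtapPcscDevice = None` and `isinstance` does not accept `None` as its second argument. Guarding it as `if CtapPcscDevice and isinstance(dev, CtapPcscDevice):` keeps the non-PC/SC path working. The same fallback leaves `CardConnectionException` undefined, which is safe only while `pcsc` cannot become true without the import. The enclosing device loop starts outside the hunk.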
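Review bot: Both `while True:` loops added in the last hunk poll the reader with no delay and no exit condition, so the example spins until the card is removed and again until one is presented. A short pause in each iteration, such as `time.sleep(0.1)`, would fix that; the hunks do not show whether `time` is already imported. The second loop also rebinds `client` to the first PC/SC device that advertises `sign`, without checking that it is the authenticator the credentials belong to, so a different card would presumably fail only later in `get_assertion`. A comment such as `# Present the same authenticator that holds the credential` would make that expectation explicit.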