From 5e5f28980e50d3c12a6289a4bfdf5cc06b5782db Mon Sep 17 00:00:00 2001
From: joegoldman2 <147369450+joegoldman2@users.noreply.github.com>
Date: Fri, 22 Dec 2023 16:25:31 +0200
Subject: [PATCH] Map authenticator transports on server side (#453)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Remove transports field as it is not mapped on server side
* Map transports
---------
Co-authored-by: Anders Ã…berg
---
 Demo/wwwroot/js/custom.register.js | 2 +-
 Demo/wwwroot/js/mfa.register.js | 3 ++-
 Demo/wwwroot/js/passwordless.register.js | 3 ++-
 Demo/wwwroot/js/usernameless.register.js | 3 ++-
 Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts | 2 +-
 Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs | 3 +++
 Src/Fido2/AuthenticatorAttestationResponse.cs | 2 +-
 Test/Attestation/AndroidKey.cs | 1 +
 Test/Attestation/AndroidSafetyNet.cs | 1 +
 Test/Attestation/FidoU2f.cs | 1 +
 Test/Attestation/Packed.cs | 1 +
 Test/Attestation/Tpm.cs | 3 +++
 Test/Fido2Tests.cs | 1 +
 13 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/Demo/wwwroot/js/custom.register.js b/Demo/wwwroot/js/custom.register.js
index 326e5fe6..0801bed6 100644
--- a/Demo/wwwroot/js/custom.register.js
+++ b/Demo/wwwroot/js/custom.register.js
@@ -126,7 +126,7 @@ async function registerNewCredential(newCredential) {
 response: {
 AttestationObject: coerceToBase64Url(attestationObject),
 clientDataJSON: coerceToBase64Url(clientDataJSON),
- transports: newCredential.response.getTransports(),
+ transports: newCredential.response.getTransports()
 },
 };
diff --git a/Demo/wwwroot/js/mfa.register.js b/Demo/wwwroot/js/mfa.register.js
index 3de7f8ea..f3dd567d 100644
--- a/Demo/wwwroot/js/mfa.register.js
+++ b/Demo/wwwroot/js/mfa.register.js
@@ -130,7 +130,8 @@ async function registerNewCredential(newCredential) {
 extensions: newCredential.getClientExtensionResults(),
 response: {
 AttestationObject: coerceToBase64Url(attestationObject),
- clientDataJSON: coerceToBase64Url(clientDataJSON)
+ clientDataJSON: coerceToBase64Url(clientDataJSON),
+ transports: newCredential.response.getTransports()
 }
 };
diff --git a/Demo/wwwroot/js/passwordless.register.js b/Demo/wwwroot/js/passwordless.register.js
index f745df66..65ffd7bf 100644
--- a/Demo/wwwroot/js/passwordless.register.js
+++ b/Demo/wwwroot/js/passwordless.register.js
@@ -127,7 +127,8 @@ async function registerNewCredential(newCredential) {
 extensions: newCredential.getClientExtensionResults(),
 response: {
 AttestationObject: coerceToBase64Url(attestationObject),
- clientDataJSON: coerceToBase64Url(clientDataJSON)
+ clientDataJSON: coerceToBase64Url(clientDataJSON),
+ transports: newCredential.response.getTransports()
 }
 };
diff --git a/Demo/wwwroot/js/usernameless.register.js b/Demo/wwwroot/js/usernameless.register.js
index b6c86048..bd48f88d 100644
--- a/Demo/wwwroot/js/usernameless.register.js
+++ b/Demo/wwwroot/js/usernameless.register.js
@@ -128,7 +128,8 @@ async function registerNewCredential(newCredential) {
 extensions: newCredential.getClientExtensionResults(),
 response: {
 attestationObject: coerceToBase64Url(attestationObject),
- clientDataJSON: coerceToBase64Url(clientDataJSON)
+ clientDataJSON: coerceToBase64Url(clientDataJSON),
+ transports: newCredential.response.getTransports()
 }
 };
diff --git a/Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts b/Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts
index b755d72c..9a7ecc65 100644
--- a/Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts
+++ b/Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts
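Review bot: The added `transports: newCredential.response.getTransports()` calls the method unconditionally, whereas the Blazor wrapper in this same commit guards it with `response.getTransports ? response.getTransports() : []`; on a browser whose AuthenticatorAttestationResponse does not implement getTransports() the demo registration throws a TypeError before the request is ever sent. The same unguarded call is added in passwordless.register.js and usernameless.register.js, and custom.register.js already carries it on the new side. Suggest `transports: newCredential.response.getTransports ? newCredential.response.getTransports() : []` in each of the three demo scripts. registerNewCredential starts and ends outside the hunk.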
@@ -33,7 +33,7 @@ export async function createCreds(options: PublicKeyCredentialCreationOptions) {
 response: {
 attestationObject: toBase64Url(response.attestationObject),
 clientDataJSON: toBase64Url(response.clientDataJSON),
- transports: response.getTransports ? response.getTransports() : [],
+ transports: response.getTransports ? response.getTransports() : []
 }
 };
 return retval;
diff --git a/Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs b/Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs
index 83011ec5..ae4e07a5 100644
--- a/Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs
+++ b/Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs
@@ -32,5 +32,8 @@ public sealed class AttestationResponse
 [JsonConverter(typeof(Base64UrlConverter))]
 [JsonPropertyName("clientDataJSON")]
 public byte[] ClientDataJson { get; set; }
+
+ [JsonPropertyName("transports")]
+ public AuthenticatorTransport[] Transports { get; set; }
 }
 }
diff --git a/Src/Fido2/AuthenticatorAttestationResponse.cs b/Src/Fido2/AuthenticatorAttestationResponse.cs
index a698ae90..51c32fac 100644
--- a/Src/Fido2/AuthenticatorAttestationResponse.cs
+++ b/Src/Fido2/AuthenticatorAttestationResponse.cs
@@ -190,7 +190,7 @@ public async Task VerifyAsync(
 Id = authData.AttestedCredentialData.CredentialId,
 PublicKey = authData.AttestedCredentialData.CredentialPublicKey.GetBytes(),
 SignCount = authData.SignCount,
- // Transports = result of response.getTransports();
+ Transports = Raw.Response.Transports,
 IsBackupEligible = authData.IsBackupEligible,
 IsBackedUp = authData.IsBackedUp,
 AttestationObject = Raw.Response.AttestationObject,
diff --git a/Test/Attestation/AndroidKey.cs b/Test/Attestation/AndroidKey.cs
index 24a30731..258d2496 100644
--- a/Test/Attestation/AndroidKey.cs
+++ b/Test/Attestation/AndroidKey.cs
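Review bot: `public AuthenticatorTransport[] Transports { get; set; }` deserializes a client-controlled JSON array straight into an enum array, and the hunk shows nothing that tolerates a transport string which is not a member of that enum; depending on how `AuthenticatorTransport` is converted (not visible here), an unknown value from a newer browser would make the whole registration request fail to deserialize instead of being ignored, and a client that omits the field leaves the property null. WebAuthn asks relying parties to accept and store unknown transport values, so the converter should drop or pass through unrecognised members rather than reject the request, and the property deserves a summary stating its trust level: `/// <summary>Transports reported by the client's getTransports(); an unauthenticated hint that is not covered by the attestation signature and may be null.</summary>`. The enclosing AttestationResponse class starts outside the hunk.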
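Review bot: `Transports = Raw.Response.Transports` copies a value the client asserted into the stored credential right between fields taken from the signed authenticator data (`SignCount`, `IsBackupEligible`), with nothing marking the difference, so a later reader could treat it as verified and base a security decision on it. A one-line why-comment on the new line would keep that clear: `// Client-reported hint from getTransports(); not covered by the attestation signature, use only to populate allowCredentials.` VerifyAsync starts and ends outside the hunk.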
@@ -76,6 +76,7 @@ public async Task TestAndroidKey()
 Assert.Equal("Test User", res.Result.User.DisplayName);
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 [Fact]
diff --git a/Test/Attestation/AndroidSafetyNet.cs b/Test/Attestation/AndroidSafetyNet.cs
index cb2783be..29004e93 100644
--- a/Test/Attestation/AndroidSafetyNet.cs
+++ b/Test/Attestation/AndroidSafetyNet.cs
@@ -113,6 +113,7 @@ public async Task TestAndroidSafetyNet()
 Assert.Equal("Test User", res.Result.User.DisplayName);
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 [Fact]
diff --git a/Test/Attestation/FidoU2f.cs b/Test/Attestation/FidoU2f.cs
index fee83b43..eabd7db1 100644
--- a/Test/Attestation/FidoU2f.cs
+++ b/Test/Attestation/FidoU2f.cs
@@ -68,6 +68,7 @@ public async Task TestU2f()
 Assert.Equal("Test User", res.Result.User.DisplayName);
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 [Fact]
diff --git a/Test/Attestation/Packed.cs b/Test/Attestation/Packed.cs
index 0e0879e1..d6ec97a7 100644
--- a/Test/Attestation/Packed.cs
+++ b/Test/Attestation/Packed.cs
@@ -48,6 +48,7 @@ public async Task TestSelf()
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
 _attestationObject = new CborMap { { "fmt", "packed" } };
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 }
diff --git a/Test/Attestation/Tpm.cs b/Test/Attestation/Tpm.cs
index 64d8c27f..d829d1fb 100644
--- a/Test/Attestation/Tpm.cs
+++ b/Test/Attestation/Tpm.cs
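Review bot: In Test/Attestation/Packed.cs the new `Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);` is placed after the `_attestationObject = new CborMap { { "fmt", "packed" } };` reset, i.e. after the test has begun restoring its fixture, while AndroidKey, AndroidSafetyNet and FidoU2f put it alongside the other assertions on `res.Result`; moving it above the reset keeps the assert-then-cleanup order consistent across the files. The TestTPM hunk in Test/Attestation/Tpm.cs has the same placement. TestSelf starts outside the hunk.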
@@ -305,6 +305,7 @@ public async Task TestTPM()
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
 _attestationObject = new CborMap { { "fmt", "tpm" } };
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 }
@@ -422,6 +423,7 @@ public async Task TestTPMAikCertSANTCGConformant()
 Assert.Equal("Test User", res.Result.User.DisplayName);
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 [Fact]
@@ -5060,6 +5062,7 @@ public async Task TestTPMAikCertMisingAAGUID()
 Assert.Equal("Test User", res.Result.User.DisplayName);
 Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
 Assert.Equal("testuser", res.Result.User.Name);
+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
 }
 [Fact]
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
index 1d7d144f..bd7029e9 100644
--- a/Test/Fido2Tests.cs
+++ b/Test/Fido2Tests.cs
@@ -163,6 +163,7 @@ public async Task MakeAttestationResponseAsync()
 {
 AttestationObject = _attestationObject.Encode(),
 ClientDataJson = _clientDataJson,
+ Transports = new[] { AuthenticatorTransport.Internal }
 },
 Extensions = new AuthenticationExtensionsClientOutputs()
 {
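Review bot: Every attestation test now goes through `Transports = new[] { AuthenticatorTransport.Internal }` in Fido2Tests.cs, so nothing exercises a request in which `transports` is absent — which the removed `// Transports = result of response.getTransports();` comment suggests was the situation for clients before this change — nor one that carries several values or a value outside the enum. A case that leaves `Transports` unset and asserts what `res.Result.Transports` holds (null or empty, whichever the library intends) would pin the backward-compatible behaviour, and one with two transports would show the array is passed through unchanged. MakeAttestationResponseAsync starts and ends outside the hunk.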