def test_register_fixed_values(self):
     request = {
         "challenge": "KEzvDDdHwnXtPHIMb0Uh43hgOJ-wQTsdLujGkeg6JxM",
         "version": "U2F_V2",
         "appId": "http://localhost:8081"
     }
     response = {
         "registrationData":
         "BQS94xQL46G4vheJPkYSuEteM6Km4-MwgBAu1zZ6MAbjDDgqhYbpHuIhhGOKjedeDd58qqktqOJsby9wMdHGnUtVQD8ISPywVi3J6SaKebCVQdHPu3_zQigRS8LhoDwKT5Ed3tg8AWuNw9XBZEh4doEDxKGuInFazirUw8acOu2qDcEwggIjMIIBDaADAgECAgRyuHt0MAsGCSqGSIb3DQEBCzAPMQ0wCwYDVQQDEwR0ZXN0MB4XDTE1MDkwNDA3MTAyNloXDTE2MDkwMzA3MTAyNlowKjEoMCYGA1UEAxMfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTkyNDY5Mjg1MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC37i_h-xmEtGfWnuvj_BmuhtU18MKShNP_vZ7C2WJwj8OHaSLnzAfha14CMUPaKPtRFfP6w9CFGhvEizH33XZKjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4yMBMGCysGAQQBguUcAgEBBAQDAgQwMAsGCSqGSIb3DQEBCwOCAQEAab7fWlJ-lOR1sqIxawPU5DWZ1b9nQ0QmNNoetPHJ_fJC95r0esRq5axfmGufbNktNWanHww7i9n5WWxSaMTWuJSF0eAXUajo8odYA8nB4_0I6z615MWa9hTU64Pl9HlqkR5ez5jndmJNuAfhaIF4h062Jw051kMo_aENxuLixnybTfJG7Q5KRE00o2MFs5b9L9fzhDtBzv5Z-vGOefuiohowpwnxIA9l0tGqrum9plUdx06K9TqKMRDQ8naosy01rbouA6i5xVjl-tHT3z-r__FYcSZ_dQ5-SCPOh4F0w6T0UwzymQmeqYN3pP-UUgnJ-ihD-uhEWklKNYRy0K0G0jBGAiEA7rbbx2jwC1YGICkZMR07ggKWaHCwFBxNDW3OwhLNNzUCIQCSq0sjGSUnWMQgPEImrmd3tMKcbrjI995rti6UYozqsg",
         "clientData":
         "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJLRXp2RERkSHduWHRQSElNYjBVaDQzaGdPSi13UVRzZEx1akdrZWc2SnhNIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCJ9"
     }
     u2f.complete_register(request, response)
Esempio n. 2
0
    def test_authenticate_soft_u2f(self):
        token = SoftU2FDevice()
        request = u2f.start_register(APP_ID)
        response = token.register(request.json, FACET)
        device, cert = u2f.complete_register(request, response)

        challenge1 = u2f.start_authenticate(device)
        challenge2 = u2f.start_authenticate(device)

        response2 = token.getAssertion(challenge2.json, FACET)
        response1 = token.getAssertion(challenge1.json, FACET)

        assert u2f.verify_authenticate(device, challenge1, response1)
        assert u2f.verify_authenticate(device, challenge2, response2)

        try:
            u2f.verify_authenticate(device, challenge1, response2)
        except:
            pass
        else:
            assert False, "Incorrect validation should fail!"

        try:
            u2f.verify_authenticate(device, challenge2, response1)
        except:
            pass
        else:
            assert False, "Incorrect validation should fail!"
Esempio n. 3
0
def complete_register(request_data, response, valid_facets=None):
    request_data = RegisterRequestData.wrap(request_data)
    response = RegisterResponse.wrap(response)

    return u2f_v2.complete_register(request_data.getRegisterRequest(response),
                                    response,
                                    valid_facets)
    def test_authenticate_soft_u2f(self):
        token = SoftU2FDevice()
        request = u2f.start_register(APP_ID)
        response = token.register(request.json, FACET)
        device, cert = u2f.complete_register(request, response)

        challenge1 = u2f.start_authenticate(device)
        challenge2 = u2f.start_authenticate(device)

        response2 = token.getAssertion(challenge2.json, FACET)
        response1 = token.getAssertion(challenge1.json, FACET)

        assert u2f.verify_authenticate(device, challenge1, response1)
        assert u2f.verify_authenticate(device, challenge2, response2)

        try:
            u2f.verify_authenticate(device, challenge1, response2)
        except:
            pass
        else:
            assert False, "Incorrect validation should fail!"

        try:
            u2f.verify_authenticate(device, challenge2, response1)
        except:
            pass
        else:
            assert False, "Incorrect validation should fail!"
Esempio n. 5
0
def add_key(request):

    if request.method == 'POST':
        # Add the key
        keyresponseform = KeyResponseForm(request.POST)
        if keyresponseform.is_valid():
            response = keyresponseform.cleaned_data['response']
            challenge = request.session['u2f_registration_challenge']
            print(challenge)
            del request.session['u2f_registration_challenge']
            device, attestation_cert = u2f.complete_register(
                challenge, response)
            request.user.u2f_keys.create(
                public_key=device['publicKey'],
                key_handle=device['keyHandle'],
                app_id=device['appId'],
            )
            print("%s\n\n\n%s" % (device, attestation_cert))
            return HttpResponseRedirect('/dashboard/')

    # Else if its a GET variable
    # Send them the request
    origin = '{scheme}://{host}'.format(
        scheme='https' if request.is_secure() else 'http',
        host=request.get_host(),
    )
    origin = "https://www.bestedm.org"
    challenge = u2f.start_register(origin)
    request.session['u2f_registration_challenge'] = challenge
    #    sign_requests = [u2f.start_authenticate(d.to_json()) for d in request.user.u2f_keys.all()]

    context = {'challenge': json.dumps(challenge)}
    #               'sign_requests': sign_requests}

    return render(request, 'u2f/add_key.html', context)
Esempio n. 6
0
def add_key(request):

    if request.method == 'POST':
        # Add the key
        keyresponseform = KeyResponseForm(request.POST)
        if keyresponseform.is_valid():
            response = keyresponseform.cleaned_data['response']
            challenge = request.session['u2f_registration_challenge']
            print(challenge)
            del request.session['u2f_registration_challenge']
            device, attestation_cert = u2f.complete_register(challenge, response)
            request.user.u2f_keys.create(
                public_key=device['publicKey'],
                key_handle=device['keyHandle'],
                app_id=device['appId'],
            )
            print("%s\n\n\n%s" % (device, attestation_cert))
            return HttpResponseRedirect('/dashboard/')

    # Else if its a GET variable
    # Send them the request
    origin = '{scheme}://{host}'.format(
                scheme='https' if request.is_secure() else 'http',
                host=request.get_host(),
             )
    challenge = u2f.start_register(origin)
    request.session['u2f_registration_challenge'] = challenge
#    sign_requests = [u2f.start_authenticate(d.to_json()) for d in request.user.u2f_keys.all()]

    context = {'challenge': json.dumps(challenge)}
#               'sign_requests': sign_requests}

    return render(request, 'u2f/add_key.html', context)
Esempio n. 7
0
    def test_register_soft_u2f(self):
        token = SoftU2FDevice()

        request = u2f.start_register(APP_ID)
        response = token.register(request.json, FACET)

        device, cert = u2f.complete_register(request, response)
        assert device
    def test_register_soft_u2f(self):
        token = SoftU2FDevice()

        request = u2f.start_register(APP_ID)
        response = token.register(request.json, FACET)

        device, cert = u2f.complete_register(request, response)
        assert device
Esempio n. 9
0
    def bind(self, username, data):
        user = self.users[username]
        binding, cert = complete_register(user['_u2f_enroll_'], data,
                                          [self.facet])
        user['_u2f_binding_'] = binding.json

        log.info("U2F device enrolled. Username: %s", username)
        log.debug("Attestation certificate:\n%s", cert.as_text())

        return json.dumps(True)
 def bind(self, username, password, data):
     user = self._get_user(username, password)
     enroll = user.attributes['_u2f_enroll_']
     binding, cert = complete_register(enroll, data, [self.origin])
     user.attributes['_u2f_binding_'] = binding.json
     user.attributes['_u2f_cert_'] = cert.as_pem()
     return json.dumps({
         'username': username[4:],
         'origin': self.origin,
         'attest_cert': cert.as_pem()
     })
 def bind(self, username, password, data):
     user = self._get_user(username, password)
     enroll = user.attributes['_u2f_enroll_']
     binding, cert = complete_register(enroll, data, [self.origin])
     user.attributes['_u2f_binding_'] = binding.json
     user.attributes['_u2f_cert_'] = cert.as_pem()
     return json.dumps({
         'username': username[4:],
         'origin': self.origin,
         'attest_cert': cert.as_pem()
     })
Esempio n. 12
0
 def form_valid(self, form):
     response = form.cleaned_data['response']
     challenge = self.request.session['u2f_registration_challenge']
     del self.request.session['u2f_registration_challenge']
     device, attestation_cert = u2f.complete_register(challenge, response)
     self.request.user.u2f_keys.create(
         public_key=device['publicKey'],
         key_handle=device['keyHandle'],
         app_id=device['appId'],
     )
     messages.success(self.request, 'Key added.')
     return HttpResponseRedirect(reverse(keys))
Esempio n. 13
0
 def form_valid(self, form):
     response = form.cleaned_data['response']
     challenge = self.request.session['u2f_registration_challenge']
     del self.request.session['u2f_registration_challenge']
     device, attestation_cert = u2f.complete_register(challenge, response)
     self.request.user.u2f_keys.create(
         public_key=device['publicKey'],
         key_handle=device['keyHandle'],
         app_id=device['appId'],
     )
     messages.success(self.request, _("Key added."))
     return super(AddKeyView, self).form_valid(form)
Esempio n. 14
0
 def form_valid(self, form):
     response = form.cleaned_data['response']
     challenge = self.request.session['u2f_registration_challenge']
     del self.request.session['u2f_registration_challenge']
     device, attestation_cert = u2f.complete_register(challenge, response)
     self.request.user.u2f_keys.create(
         public_key=device['publicKey'],
         key_handle=device['keyHandle'],
         app_id=device['appId'],
     )
     messages.success(self.request, 'Key added.')
     return HttpResponseRedirect(reverse(keys))
Esempio n. 15
0
 def register_complete(self, username, resp):
     memkey = resp.clientData.challenge
     data = self._memstore.retrieve(self._client.id, username, memkey)
     bind, cert = complete_register(data['request'], resp,
                                    self._client.valid_facets)
     attestation = self._metadata.get_attestation(cert)
     if self._require_trusted and not attestation.trusted:
         raise BadInputException('Device type is not trusted')
     user = self._get_or_create_user(username)
     dev = user.add_device(bind.json, cert)
     log.info('User: "******" - Device registered: "%s"',
         self._client.name, username, dev.handle)
     return dev.handle
Esempio n. 16
0
 def register_complete(self, username, resp):
     memkey = resp.clientData.challenge
     data = self._memstore.retrieve(self._client.id, username, memkey)
     bind, cert = complete_register(data['request'], resp,
                                    self._client.valid_facets)
     attestation = self._metadata.get_attestation(cert)
     if self._require_trusted and not attestation.trusted:
         raise BadInputException('Device type is not trusted')
     user = self._get_or_create_user(username)
     dev = user.add_device(bind.json, cert, attestation.transports)
     log.info('User: "******" - Device registered: "%s"',
         self._client.name, username, dev.handle)
     return dev.handle
    def test_wrong_facet(self):
        token = SoftU2FDevice()
        request = u2f.start_register(APP_ID)
        response = token.register(request.json, "http://wrongfacet.com")

        try:
            u2f.complete_register(request, response, FACETS)
        except:
            pass
        else:
            assert False, "Incorrect facet should fail!"

        response2 = token.register(request.json, FACET)
        device, cert = u2f.complete_register(request, response2)

        challenge = u2f.start_authenticate(device)
        response = token.getAssertion(challenge.json, "http://notright.com")

        try:
            u2f.verify_authenticate(device, challenge, response, FACETS)
        except:
            pass
        else:
            assert False, "Incorrect facet should fail!"
Esempio n. 18
0
    def test_wrong_facet(self):
        token = SoftU2FDevice()
        request = u2f.start_register(APP_ID)
        response = token.register(request.json, "http://wrongfacet.com")

        try:
            u2f.complete_register(request, response, FACETS)
        except:
            pass
        else:
            assert False, "Incorrect facet should fail!"

        response2 = token.register(request.json, FACET)
        device, cert = u2f.complete_register(request, response2)

        challenge = u2f.start_authenticate(device)
        response = token.getAssertion(challenge.json, "http://notright.com")

        try:
            u2f.verify_authenticate(device, challenge, response, FACETS)
        except:
            pass
        else:
            assert False, "Incorrect facet should fail!"
Esempio n. 19
0
def enroll_response():
    username = session.get('username')
    user = db_session.query(User).filter_by(username=username).first()

    response = dict(registrationData=session.get('registrationData'),
                    clientData=session.get('clientData'))

    binding, cert = complete_register(session.get('u2f_enroll'), response,
                                      'http://localhost:5000')

    user.u2f_binding = binding.json
    db_session.commit()

    print binding.json
    print cert.as_text()
    return Response('Enrolled token!')
Esempio n. 20
0
def enroll_response():
    username = session.get('username')
    user = db_session.query(User).filter_by(username=username).first()

    response = dict(registrationData=session.get('registrationData'),
            clientData=session.get('clientData'))

    binding, cert = complete_register(session.get('u2f_enroll'),
            response, 'http://localhost:5000')

    user.u2f_binding = binding.json
    db_session.commit()

    print binding.json
    print cert.as_text()
    return Response('Enrolled token!')
 def test_register_fixed_values(self):
     request = {"challenge": "KEzvDDdHwnXtPHIMb0Uh43hgOJ-wQTsdLujGkeg6JxM", "version": "U2F_V2", "appId": "http://localhost:8081"}
     response = {"registrationData": "BQS94xQL46G4vheJPkYSuEteM6Km4-MwgBAu1zZ6MAbjDDgqhYbpHuIhhGOKjedeDd58qqktqOJsby9wMdHGnUtVQD8ISPywVi3J6SaKebCVQdHPu3_zQigRS8LhoDwKT5Ed3tg8AWuNw9XBZEh4doEDxKGuInFazirUw8acOu2qDcEwggIjMIIBDaADAgECAgRyuHt0MAsGCSqGSIb3DQEBCzAPMQ0wCwYDVQQDEwR0ZXN0MB4XDTE1MDkwNDA3MTAyNloXDTE2MDkwMzA3MTAyNlowKjEoMCYGA1UEAxMfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTkyNDY5Mjg1MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC37i_h-xmEtGfWnuvj_BmuhtU18MKShNP_vZ7C2WJwj8OHaSLnzAfha14CMUPaKPtRFfP6w9CFGhvEizH33XZKjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4yMBMGCysGAQQBguUcAgEBBAQDAgQwMAsGCSqGSIb3DQEBCwOCAQEAab7fWlJ-lOR1sqIxawPU5DWZ1b9nQ0QmNNoetPHJ_fJC95r0esRq5axfmGufbNktNWanHww7i9n5WWxSaMTWuJSF0eAXUajo8odYA8nB4_0I6z615MWa9hTU64Pl9HlqkR5ez5jndmJNuAfhaIF4h062Jw051kMo_aENxuLixnybTfJG7Q5KRE00o2MFs5b9L9fzhDtBzv5Z-vGOefuiohowpwnxIA9l0tGqrum9plUdx06K9TqKMRDQ8naosy01rbouA6i5xVjl-tHT3z-r__FYcSZ_dQ5-SCPOh4F0w6T0UwzymQmeqYN3pP-UUgnJ-ihD-uhEWklKNYRy0K0G0jBGAiEA7rbbx2jwC1YGICkZMR07ggKWaHCwFBxNDW3OwhLNNzUCIQCSq0sjGSUnWMQgPEImrmd3tMKcbrjI995rti6UYozqsg", "clientData": "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJLRXp2RERkSHduWHRQSElNYjBVaDQzaGdPSi13UVRzZEx1akdrZWc2SnhNIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCJ9"}
     u2f.complete_register(request, response)