def test_filter_entries():
    """Check that ``entry_filter`` controls which entries a lookup can return.

    A filter that rejects the sample AAGUID must make the lookup return
    ``None``. A filter that accepts only that AAGUID must still find it.
    """
    blob = parse_blob(EXAMPLE_BLOB, EXAMPLE_CA)

    # Filter rejects the sample authenticator: the lookup has to miss.
    excluding = MdsAttestationVerifier(
        blob, entry_filter=lambda item: item.aaguid != AAGUID
    )
    assert excluding.find_entry_by_aaguid(AAGUID) is None

    # Filter keeps only the sample authenticator: the lookup has to hit.
    including = MdsAttestationVerifier(
        blob, entry_filter=lambda item: item.aaguid == AAGUID
    )
    found = including.find_entry_by_aaguid(AAGUID)
    assert found
def test_lookup_filter_does_not_affect_find_entry_by_aaguid():
    """Pin that ``attestation_filter`` is not applied to direct AAGUID lookups.

    The filter below rejects the sample AAGUID, yet the test expects
    ``find_entry_by_aaguid`` to return the entry anyway. Code that uses
    ``attestation_filter`` as its acceptance policy should therefore not
    treat a hit from ``find_entry_by_aaguid`` as policy-approved.
    """
    blob = parse_blob(EXAMPLE_BLOB, EXAMPLE_CA)
    verifier = MdsAttestationVerifier(
        blob,
        attestation_filter=lambda item, _: item.aaguid != AAGUID,
    )
    found = verifier.find_entry_by_aaguid(AAGUID)
    assert found
def test_find_by_chain_miss():
    """A chain holding only ``EXAMPLE_CA`` must not resolve to an entry."""
    verifier = MdsAttestationVerifier(parse_blob(EXAMPLE_BLOB, EXAMPLE_CA))
    # EXAMPLE_CA is the same value passed to parse_blob above. The test
    # expects that it is not matched as an authenticator attestation chain.
    chain = [EXAMPLE_CA]
    assert verifier.find_entry_by_chain(chain) is None
def test_find_by_aaguid_miss():
    """Looking up an identifier that is not in the blob must return ``None``."""
    verifier = MdsAttestationVerifier(parse_blob(EXAMPLE_BLOB, EXAMPLE_CA))
    # NOTE(review): this hex string decodes to 15 bytes, one short of a
    # 16-byte AAGUID, so the miss may be due to length alone. Consider also
    # probing with a well-formed 16-byte value that is absent from the blob.
    unknown = bytes.fromhex("0102030405060708090a0b0c0d0e0f")
    assert verifier.find_entry_by_aaguid(unknown) is None
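def test_find_by_aaguid():
    """Look up the sample AAGUID and check the returned entry's description."""
    data = parse_blob(EXAMPLE_BLOB, EXAMPLE_CA)
    mds = MdsAttestationVerifier(data)
    entry = mds.find_entry_by_aaguid(AAGUID)
    # Fail with a clear message on a lookup miss instead of an AttributeError
    # from dereferencing None on the next line.
    assert entry is not None, "sample AAGUID not found in the example blob"
    assert (
        entry.metadata_statement.description
        == "FIDO Alliance Sample FIDO2 Authenticator"
    )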
def test_parse_blob():
    """Parse the example blob and check its ``no`` field and entry count."""
    parsed = parse_blob(EXAMPLE_BLOB, EXAMPLE_CA)
    assert parsed.no == 15
    entry_count = len(parsed.entries)
    assert entry_count == 2
6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH WD9f""" ) # Parse the MDS3 blob if len(sys.argv) != 2: print("This example requires a FIDO MDS3 metadata blob, which you can get here:") print("https://fidoalliance.org/metadata/") print() print("USAGE: python verify_attestation_mds3.py blob.jwt") sys.exit(1) with open(sys.argv[1], "rb") as f: metadata = parse_blob(f.read(), ca) # The verifier is used to query for data in the blob and to verify attestation. # We could optionally pass a filter function to only allow specific authenticators. mds = MdsAttestationVerifier(metadata) uv = "discouraged" # Handle user interaction class CliInteraction(UserInteraction): def prompt_up(self): print("\nTouch your authenticator device now...\n") def request_pin(self, permissions, rd_id): return getpass("Enter PIN: ")