def test_register_fixed_values(self):
    """Complete a registration from a fixed, hard-coded request/response pair.

    The test has no assertion of its own: it passes when
    ``u2f.complete_register`` returns without raising. No ``valid_facets``
    argument is supplied, so only the checks ``complete_register`` performs
    by default are exercised here.
    """
    # Registration request as the server would have issued it.
    enroll_request = dict(
        challenge="KEzvDDdHwnXtPHIMb0Uh43hgOJ-wQTsdLujGkeg6JxM",
        version="U2F_V2",
        appId="http://localhost:8081",
    )
    # Token reply. Both values are base64url text; clientData decodes to a
    # JSON object naming the origin and echoing the challenge above.
    enroll_response = dict(
        registrationData="BQS94xQL46G4vheJPkYSuEteM6Km4-MwgBAu1zZ6MAbjDDgqhYbpHuIhhGOKjedeDd58qqktqOJsby9wMdHGnUtVQD8ISPywVi3J6SaKebCVQdHPu3_zQigRS8LhoDwKT5Ed3tg8AWuNw9XBZEh4doEDxKGuInFazirUw8acOu2qDcEwggIjMIIBDaADAgECAgRyuHt0MAsGCSqGSIb3DQEBCzAPMQ0wCwYDVQQDEwR0ZXN0MB4XDTE1MDkwNDA3MTAyNloXDTE2MDkwMzA3MTAyNlowKjEoMCYGA1UEAxMfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTkyNDY5Mjg1MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC37i_h-xmEtGfWnuvj_BmuhtU18MKShNP_vZ7C2WJwj8OHaSLnzAfha14CMUPaKPtRFfP6w9CFGhvEizH33XZKjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4yMBMGCysGAQQBguUcAgEBBAQDAgQwMAsGCSqGSIb3DQEBCwOCAQEAab7fWlJ-lOR1sqIxawPU5DWZ1b9nQ0QmNNoetPHJ_fJC95r0esRq5axfmGufbNktNWanHww7i9n5WWxSaMTWuJSF0eAXUajo8odYA8nB4_0I6z615MWa9hTU64Pl9HlqkR5ez5jndmJNuAfhaIF4h062Jw051kMo_aENxuLixnybTfJG7Q5KRE00o2MFs5b9L9fzhDtBzv5Z-vGOefuiohowpwnxIA9l0tGqrum9plUdx06K9TqKMRDQ8naosy01rbouA6i5xVjl-tHT3z-r__FYcSZ_dQ5-SCPOh4F0w6T0UwzymQmeqYN3pP-UUgnJ-ihD-uhEWklKNYRy0K0G0jBGAiEA7rbbx2jwC1YGICkZMR07ggKWaHCwFBxNDW3OwhLNNzUCIQCSq0sjGSUnWMQgPEImrmd3tMKcbrjI995rti6UYozqsg",
        clientData="eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJLRXp2RERkSHduWHRQSElNYjBVaDQzaGdPSi13UVRzZEx1akdrZWc2SnhNIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCJ9",
    )
    u2f.complete_register(enroll_request, enroll_response)
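def test_authenticate_soft_u2f(self):
    """Check that an assertion verifies only against the challenge it answers.

    A software token is registered, two authentication challenges are
    issued for it, and each is answered. Every response must verify against
    its own challenge and must be rejected when paired with the other one,
    which is what keeps a captured response from being accepted for a
    different login attempt.
    """
    token = SoftU2FDevice()
    request = u2f.start_register(APP_ID)
    response = token.register(request.json, FACET)
    device, cert = u2f.complete_register(request, response)

    challenge1 = u2f.start_authenticate(device)
    challenge2 = u2f.start_authenticate(device)

    # The token answers the second challenge first.
    response2 = token.getAssertion(challenge2.json, FACET)
    response1 = token.getAssertion(challenge1.json, FACET)

    assert u2f.verify_authenticate(device, challenge1, response1)
    assert u2f.verify_authenticate(device, challenge2, response2)

    # Mismatched pairs must raise. `except Exception` replaces the bare
    # `except:` so KeyboardInterrupt/SystemExit are no longer swallowed.
    # NOTE(review): the exception type raised by verify_authenticate is not
    # visible here; narrow this further once it is confirmed, otherwise an
    # unrelated error also counts as a pass.
    try:
        u2f.verify_authenticate(device, challenge1, response2)
    except Exception:
        pass
    else:
        assert False, "Incorrect validation should fail!"

    try:
        u2f.verify_authenticate(device, challenge2, response1)
    except Exception:
        pass
    else:
        assert False, "Incorrect validation should fail!"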
def complete_register(request_data, response, valid_facets=None):
    """Finish a U2F registration by delegating to ``u2f_v2.complete_register``.

    Args:
        request_data: Registration request data; wrapped with
            ``RegisterRequestData.wrap``.
        response: The token's registration response; wrapped with
            ``RegisterResponse.wrap``.
        valid_facets: Passed through unchanged to ``u2f_v2``.

    Returns:
        Whatever ``u2f_v2.complete_register`` returns.

    NOTE(review): ``valid_facets`` defaults to ``None``. How ``u2f_v2``
    treats ``None`` is not visible here; presumably the origin in the
    client data is then not compared against any facet list. Confirm, and
    pass an explicit list from callers that need the origin checked.
    """
    wrapped_request = RegisterRequestData.wrap(request_data)
    wrapped_response = RegisterResponse.wrap(response)
    # Select the single register request this response belongs to.
    register_request = wrapped_request.getRegisterRequest(wrapped_response)
    return u2f_v2.complete_register(
        register_request, wrapped_response, valid_facets)
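def add_key(request):
    """Register a new U2F key for ``request.user``.

    On a POST with a valid ``KeyResponseForm`` the registration challenge
    stored in the session is consumed, the token response is checked with
    ``u2f.complete_register``, the resulting key is stored on the user and
    the client is redirected to ``/dashboard/``. In every other case (GET,
    invalid form, or no pending challenge in the session) a fresh challenge
    is issued, saved in the session and rendered into ``u2f/add_key.html``.

    Changes from the previous version:
      * the debug ``print`` calls that wrote the challenge, the device
        record and the attestation certificate to stdout are gone;
      * a missing session challenge no longer raises ``KeyError``; the
        view falls through and issues a new challenge;
      * the request-derived origin, which was computed and then immediately
        overwritten by the fixed one, is no longer computed.

    NOTE(review): this view reads ``request.user`` without any visible
    login check; presumably a decorator or middleware enforces
    authentication. Confirm.
    NOTE(review): ``complete_register`` is called without a facet list and
    its exceptions are not caught here, so a malformed or rejected response
    propagates to the framework's error handling. Confirm both are intended.
    """
    if request.method == 'POST':
        keyresponseform = KeyResponseForm(request.POST)
        if keyresponseform.is_valid():
            # pop() keeps the challenge single-use: it is removed from the
            # session before the response is verified, whether or not
            # verification succeeds.
            challenge = request.session.pop('u2f_registration_challenge', None)
            if challenge is not None:
                response = keyresponseform.cleaned_data['response']
                device, _attestation_cert = u2f.complete_register(
                    challenge, response)
                request.user.u2f_keys.create(
                    public_key=device['publicKey'],
                    key_handle=device['keyHandle'],
                    app_id=device['appId'],
                )
                return HttpResponseRedirect('/dashboard/')

    # The appId is pinned to one fixed origin rather than taken from the
    # request.
    origin = "https://www.bestedm.org"
    challenge = u2f.start_register(origin)
    request.session['u2f_registration_challenge'] = challenge
    context = {'challenge': json.dumps(challenge)}
    return render(request, 'u2f/add_key.html', context)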
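def add_key(request):
    """Register a new U2F key for ``request.user``.

    On a POST with a valid ``KeyResponseForm`` the registration challenge
    stored in the session is consumed, the token response is checked with
    ``u2f.complete_register``, the resulting key is stored on the user and
    the client is redirected to ``/dashboard/``. In every other case (GET,
    invalid form, or no pending challenge in the session) a fresh challenge
    is issued, saved in the session and rendered into ``u2f/add_key.html``.

    Changes from the previous version:
      * the debug ``print`` calls that wrote the challenge, the device
        record and the attestation certificate to stdout are gone;
      * a missing session challenge no longer raises ``KeyError``; the
        view falls through and issues a new challenge.

    NOTE(review): this view reads ``request.user`` without any visible
    login check; presumably a decorator or middleware enforces
    authentication. Confirm.
    NOTE(review): ``complete_register`` is called without a facet list and
    its exceptions are not caught here, so a malformed or rejected response
    propagates to the framework's error handling. Confirm both are intended.
    """
    if request.method == 'POST':
        keyresponseform = KeyResponseForm(request.POST)
        if keyresponseform.is_valid():
            # pop() keeps the challenge single-use: it is removed from the
            # session before the response is verified, whether or not
            # verification succeeds.
            challenge = request.session.pop('u2f_registration_challenge', None)
            if challenge is not None:
                response = keyresponseform.cleaned_data['response']
                device, _attestation_cert = u2f.complete_register(
                    challenge, response)
                request.user.u2f_keys.create(
                    public_key=device['publicKey'],
                    key_handle=device['keyHandle'],
                    app_id=device['appId'],
                )
                return HttpResponseRedirect('/dashboard/')

    # The appId follows the scheme and host of the incoming request.
    # NOTE(review): it is therefore only as trustworthy as the host and
    # HTTPS detection of the deployment; confirm ALLOWED_HOSTS and any
    # proxy SSL header settings pin these to the real site.
    origin = '{scheme}://{host}'.format(
        scheme='https' if request.is_secure() else 'http',
        host=request.get_host(),
    )
    challenge = u2f.start_register(origin)
    request.session['u2f_registration_challenge'] = challenge
    context = {'challenge': json.dumps(challenge)}
    return render(request, 'u2f/add_key.html', context)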
def test_register_soft_u2f(self):
    """Register a software token and expect a truthy device record back.

    No ``valid_facets`` argument is given to ``complete_register``, so this
    covers the default registration path only.
    """
    soft_token = SoftU2FDevice()
    enroll_request = u2f.start_register(APP_ID)
    enroll_response = soft_token.register(enroll_request.json, FACET)

    registered = u2f.complete_register(enroll_request, enroll_response)
    device, cert = registered
    assert device
def bind(self, username, data):
    """Complete U2F enrollment for ``username`` and store the binding.

    The pending enrollment request is read from the user's record under
    ``'_u2f_enroll_'`` and checked against ``data`` with ``self.facet`` as
    the only accepted facet. The resulting binding is saved under
    ``'_u2f_binding_'``.

    Returns:
        The JSON text ``true``.

    Raises:
        KeyError: if ``username`` is not in ``self.users`` or has no
            pending ``'_u2f_enroll_'`` entry.

    NOTE(review): the ``'_u2f_enroll_'`` entry is left in place after a
    successful bind; confirm whether it should be removed once used.
    """
    account = self.users[username]
    pending_enroll = account['_u2f_enroll_']
    accepted_facets = [self.facet]

    binding, cert = complete_register(pending_enroll, data, accepted_facets)
    account['_u2f_binding_'] = binding.json

    log.info("U2F device enrolled. Username: %s", username)
    # The attestation certificate text is only written at debug level.
    log.debug("Attestation certificate:\n%s", cert.as_text())
    return json.dumps(True)
def bind(self, username, password, data):
    """Complete U2F enrollment for a user looked up by name and password.

    The pending enrollment request is read from the user's
    ``'_u2f_enroll_'`` attribute and checked against ``data`` with
    ``self.origin`` as the only accepted facet. The binding and the
    attestation certificate (PEM) are then stored on the user.

    Returns:
        A JSON object with the username minus its first four characters,
        the origin, and the attestation certificate in PEM form.

    NOTE(review): what the four-character prefix stripped by
    ``username[4:]`` is cannot be seen from here. The attestation
    certificate is sent back to the caller; confirm that is intended.
    """
    account = self._get_user(username, password)
    pending_enroll = account.attributes['_u2f_enroll_']
    accepted_facets = [self.origin]

    binding, cert = complete_register(pending_enroll, data, accepted_facets)

    account.attributes['_u2f_binding_'] = binding.json
    account.attributes['_u2f_cert_'] = cert.as_pem()

    reply = {
        'username': username[4:],
        'origin': self.origin,
        'attest_cert': cert.as_pem()
    }
    return json.dumps(reply)
def form_valid(self, form):
    """Verify the submitted registration response and store the new key.

    The challenge saved in the session is removed before verification, so
    it can be used for one attempt only. On success the key is created on
    ``self.request.user``, a success message is queued and the client is
    redirected to the ``keys`` view.

    Raises:
        KeyError: if the session holds no ``'u2f_registration_challenge'``.

    NOTE(review): ``complete_register`` is called without a facet list and
    its exceptions are not handled here; confirm both are intended.
    """
    token_response = form.cleaned_data['response']
    session = self.request.session
    # pop() reads and deletes in one step; it still raises KeyError when
    # the challenge is absent.
    pending_challenge = session.pop('u2f_registration_challenge')

    device, attestation_cert = u2f.complete_register(
        pending_challenge, token_response)

    key_fields = dict(
        public_key=device['publicKey'],
        key_handle=device['keyHandle'],
        app_id=device['appId'],
    )
    self.request.user.u2f_keys.create(**key_fields)

    messages.success(self.request, 'Key added.')
    return HttpResponseRedirect(reverse(keys))
def form_valid(self, form):
    """Verify the submitted registration response and store the new key.

    The challenge saved in the session is removed before verification, so
    it can be used for one attempt only. On success the key is created on
    ``self.request.user``, a translated success message is queued and the
    parent class's ``form_valid`` produces the response.

    Raises:
        KeyError: if the session holds no ``'u2f_registration_challenge'``.

    NOTE(review): ``complete_register`` is called without a facet list and
    its exceptions are not handled here; confirm both are intended.
    """
    token_response = form.cleaned_data['response']
    session = self.request.session
    # pop() reads and deletes in one step; it still raises KeyError when
    # the challenge is absent.
    pending_challenge = session.pop('u2f_registration_challenge')

    device, attestation_cert = u2f.complete_register(
        pending_challenge, token_response)

    key_fields = dict(
        public_key=device['publicKey'],
        key_handle=device['keyHandle'],
        app_id=device['appId'],
    )
    self.request.user.u2f_keys.create(**key_fields)

    messages.success(self.request, _("Key added."))
    return super(AddKeyView, self).form_valid(form)
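def register_complete(self, username, resp):
    """Finish a registration and attach the new device to the user.

    The stored registration request is looked up by client id, username
    and the challenge echoed in ``resp.clientData``. The response is then
    verified against it with the client's valid facets, and the
    attestation certificate is resolved through the metadata store.

    Returns:
        The handle of the newly added device.

    Raises:
        BadInputException: if trusted devices are required and the
            attestation is not trusted.

    NOTE(review): the memstore key comes from client-supplied data, and
    what ``retrieve`` returns for an unknown key is not visible here;
    ``data['request']`` will fail if it returns ``None``. Confirm.
    """
    memkey = resp.clientData.challenge
    data = self._memstore.retrieve(self._client.id, username, memkey)
    bind, cert = complete_register(data['request'], resp,
                                   self._client.valid_facets)

    attestation = self._metadata.get_attestation(cert)
    # Attestation policy is enforced before anything is stored.
    if self._require_trusted and not attestation.trusted:
        raise BadInputException('Device type is not trusted')

    user = self._get_or_create_user(username)
    dev = user.add_device(bind.json, cert)
    # The format string previously had a literal `******` run and a single
    # `%s` for three arguments, which makes the logging call fail at format
    # time. One placeholder per argument is restored; the "/" separator is
    # a choice made here.
    log.info('User: "%s/%s" - Device registered: "%s"',
             self._client.name, username, dev.handle)
    return dev.handle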
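def register_complete(self, username, resp):
    """Finish a registration and attach the new device to the user.

    The stored registration request is looked up by client id, username
    and the challenge echoed in ``resp.clientData``. The response is then
    verified against it with the client's valid facets, and the
    attestation certificate is resolved through the metadata store. The
    device is stored together with the transports reported by the
    attestation.

    Returns:
        The handle of the newly added device.

    Raises:
        BadInputException: if trusted devices are required and the
            attestation is not trusted.

    NOTE(review): the memstore key comes from client-supplied data, and
    what ``retrieve`` returns for an unknown key is not visible here;
    ``data['request']`` will fail if it returns ``None``. Confirm.
    """
    memkey = resp.clientData.challenge
    data = self._memstore.retrieve(self._client.id, username, memkey)
    bind, cert = complete_register(data['request'], resp,
                                   self._client.valid_facets)

    attestation = self._metadata.get_attestation(cert)
    # Attestation policy is enforced before anything is stored.
    if self._require_trusted and not attestation.trusted:
        raise BadInputException('Device type is not trusted')

    user = self._get_or_create_user(username)
    dev = user.add_device(bind.json, cert, attestation.transports)
    # The format string previously had a literal `******` run and a single
    # `%s` for three arguments, which makes the logging call fail at format
    # time. One placeholder per argument is restored; the "/" separator is
    # a choice made here.
    log.info('User: "%s/%s" - Device registered: "%s"',
             self._client.name, username, dev.handle)
    return dev.handle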
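def test_wrong_facet(self):
    """Check that registration and authentication reject a foreign facet.

    A registration response produced for ``http://wrongfacet.com`` must be
    refused when ``FACETS`` is enforced. After a normal registration, an
    assertion produced for ``http://notright.com`` must likewise be refused
    by ``verify_authenticate`` with ``FACETS``.
    """
    token = SoftU2FDevice()
    request = u2f.start_register(APP_ID)
    response = token.register(request.json, "http://wrongfacet.com")

    # `except Exception` replaces the bare `except:` so
    # KeyboardInterrupt/SystemExit are no longer swallowed.
    # NOTE(review): the exception type raised on a facet mismatch is not
    # visible here; narrow this further once it is confirmed, otherwise an
    # unrelated error also counts as a pass.
    try:
        u2f.complete_register(request, response, FACETS)
    except Exception:
        pass
    else:
        assert False, "Incorrect facet should fail!"

    # Register properly so there is a device to authenticate against. This
    # call passes no facet list.
    response2 = token.register(request.json, FACET)
    device, cert = u2f.complete_register(request, response2)

    challenge = u2f.start_authenticate(device)
    response = token.getAssertion(challenge.json, "http://notright.com")

    try:
        u2f.verify_authenticate(device, challenge, response, FACETS)
    except Exception:
        pass
    else:
        assert False, "Incorrect facet should fail!"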
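def enroll_response():
    """Complete U2F enrollment for the session's user and save the binding.

    The registration data, client data and pending enrollment request are
    all read from the session, verified with ``complete_register`` and the
    resulting binding is committed on the ``User`` row.

    Returns:
        A ``Response`` with the text ``Enrolled token!``.

    NOTE(review): nothing here handles a session without ``username`` or
    ``u2f_enroll`` (``user`` would be ``None``), and ``u2f_enroll`` stays in
    the session after use. Confirm whether earlier steps guarantee these
    and whether the pending request should be cleared.
    """
    username = session.get('username')
    user = db_session.query(User).filter_by(username=username).first()
    response = dict(registrationData=session.get('registrationData'),
                    clientData=session.get('clientData'))

    # The facet is passed as a one-element list, like the other callers of
    # complete_register. It used to be a bare string; presumably the
    # library tests membership with `in`, which on a string is a substring
    # match and would also accept a partial origin. Confirm against the
    # library.
    binding, cert = complete_register(session.get('u2f_enroll'), response,
                                      ['http://localhost:5000'])
    user.u2f_binding = binding.json
    db_session.commit()

    # Parenthesised so the block parses on Python 2 and 3; the output is
    # unchanged.
    print(binding.json)
    print(cert.as_text())
    return Response('Enrolled token!')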
def test_register_fixed_values(self):
    """Complete a registration from a fixed, hard-coded request/response pair.

    There is no explicit assertion: the test passes when
    ``u2f.complete_register`` returns without raising. No ``valid_facets``
    argument is supplied.
    """
    # Server side of the exchange: challenge, protocol version and appId.
    fixed_request = {
        "challenge": "KEzvDDdHwnXtPHIMb0Uh43hgOJ-wQTsdLujGkeg6JxM",
        "version": "U2F_V2",
        "appId": "http://localhost:8081",
    }
    # Token side of the exchange, both fields base64url encoded. The
    # clientData value decodes to JSON carrying the origin and the
    # challenge from the request above.
    fixed_response = {
        "registrationData": "BQS94xQL46G4vheJPkYSuEteM6Km4-MwgBAu1zZ6MAbjDDgqhYbpHuIhhGOKjedeDd58qqktqOJsby9wMdHGnUtVQD8ISPywVi3J6SaKebCVQdHPu3_zQigRS8LhoDwKT5Ed3tg8AWuNw9XBZEh4doEDxKGuInFazirUw8acOu2qDcEwggIjMIIBDaADAgECAgRyuHt0MAsGCSqGSIb3DQEBCzAPMQ0wCwYDVQQDEwR0ZXN0MB4XDTE1MDkwNDA3MTAyNloXDTE2MDkwMzA3MTAyNlowKjEoMCYGA1UEAxMfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTkyNDY5Mjg1MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC37i_h-xmEtGfWnuvj_BmuhtU18MKShNP_vZ7C2WJwj8OHaSLnzAfha14CMUPaKPtRFfP6w9CFGhvEizH33XZKjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4yMBMGCysGAQQBguUcAgEBBAQDAgQwMAsGCSqGSIb3DQEBCwOCAQEAab7fWlJ-lOR1sqIxawPU5DWZ1b9nQ0QmNNoetPHJ_fJC95r0esRq5axfmGufbNktNWanHww7i9n5WWxSaMTWuJSF0eAXUajo8odYA8nB4_0I6z615MWa9hTU64Pl9HlqkR5ez5jndmJNuAfhaIF4h062Jw051kMo_aENxuLixnybTfJG7Q5KRE00o2MFs5b9L9fzhDtBzv5Z-vGOefuiohowpwnxIA9l0tGqrum9plUdx06K9TqKMRDQ8naosy01rbouA6i5xVjl-tHT3z-r__FYcSZ_dQ5-SCPOh4F0w6T0UwzymQmeqYN3pP-UUgnJ-ihD-uhEWklKNYRy0K0G0jBGAiEA7rbbx2jwC1YGICkZMR07ggKWaHCwFBxNDW3OwhLNNzUCIQCSq0sjGSUnWMQgPEImrmd3tMKcbrjI995rti6UYozqsg",
        "clientData": "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJLRXp2RERkSHduWHRQSElNYjBVaDQzaGdPSi13UVRzZEx1akdrZWc2SnhNIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCJ9",
    }
    u2f.complete_register(fixed_request, fixed_response)