def test_verify_ec2(crv: EC2Curve.Value, alg: COSEAlgorithmIdentifier.Value, data: bytes): private_key = generate_ec2_private_key(crv) clen = curve_coordinate_byte_length(crv) public_key = private_key.public_key() public_numbers = public_key.public_numbers() ec2_public_key = EC2CredentialPublicKey( kty=COSEKeyType.Value.EC2, crv=crv, alg=alg, x=public_numbers.x.to_bytes(clen, 'big'), y=public_numbers.y.to_bytes(clen, 'big'), ) signature_algorithm = ECDSA(ec2_hash_algorithm(alg)) signature = private_key.sign(data, signature_algorithm) verify(ec2_public_key, signature, data) errors = single_byte_errors(signature) for error in errors: with pytest.raises(VerificationError): verify(ec2_public_key, error, data)
def verify_ec2_public_key(credential_public_key: EC2CredentialPublicKey, signature: bytes, data: bytes) -> None: """Verify the a signature over data using an `EC2CredentialPublicKey`. Args: credential_public_key (EC2CredentialPublicKey): The credential public key to use for verification. signature (bytes): The signature to verify. data (bytes): The data over which to compute the signature. Raises: VerificationError: If the provided signature is not correct. UnimplementedError: If the logic to verify using the given type of key is not implemented. """ public_key = cast(EC2PublicKey, cryptography_public_key(credential_public_key)) if credential_public_key.alg is None: raise VerificationError('alg must not be None') signature_algorithm = ECDSA(ec2_hash_algorithm(credential_public_key.alg)) try: public_key.verify(signature, data, signature_algorithm) except cryptography.exceptions.InvalidSignature: raise VerificationError('EC2 verification failure')
def test_credentials_backend_request_success(): backend = CredentialsBackend(SuccessCredentialsRegistrar()) challenge = b'challenge' credential_id = b'credential-id' auth_data = authenticator_data( TEST_RP_ID_HASH, (AuthenticatorDataFlag.UP.value | AuthenticatorDataFlag.AT.value | AuthenticatorDataFlag.ED.value), b'\x00' * 4, attested_credential_data( b'z' * 16, len(credential_id), credential_id, cbor2.dumps({ -3: TEST_CREDENTIAL_PUBLIC_KEY.y, -2: TEST_CREDENTIAL_PUBLIC_KEY.x, -1: TEST_CREDENTIAL_PUBLIC_KEY.crv.value, 1: TEST_CREDENTIAL_PUBLIC_KEY.kty.value, 3: TEST_CREDENTIAL_PUBLIC_KEY.alg.value, }), ), cbor2.dumps({ 'appid': True, })) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) expected_challenge = challenge backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, )
def attest_android_key( att_stmt: AndroidKeyAttestationStatement, att_obj: AttestationObject, auth_data: bytes, client_data_hash: bytes) -> Tuple[AttestationType, TrustedPath]: """Attest an android key. Args: att_stmt (AndroidKeyAttestationStatement): The attestation statment. att_obj (AttestationObject): The attestation object. auth_data (bytes): The raw authenticator data. client_data_hash (bytes): The client data hash. Returns: The attestation type and trusted path. References: * https://www.w3.org/TR/webauthn/#android-key-attestation * https://source.android.com/security/keystore/attestation * https://developer.android.com/training/articles/security-key-attestation """ if len(att_stmt.x5c) == 0: raise AttestationError('Must have at least 1 X509 certificate') credential_certificate = cryptography.x509.load_der_x509_certificate( att_stmt.x5c[0], default_backend()) cred_cert_pk = credential_certificate.public_key() if not isinstance( cred_cert_pk, (EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey)): raise AttestationError( 'Android key attestation failed: must use an Elliptic Curve Public Key' ) assert att_obj.auth_data is not None assert att_obj.auth_data.attested_credential_data is not None cpk = cryptography_public_key( att_obj.auth_data.attested_credential_data.credential_public_key) verification_data = auth_data + client_data_hash assert att_stmt.sig is not None try: if isinstance(cred_cert_pk, (Ed25519PublicKey, Ed448PublicKey)): cred_cert_pk.verify(att_stmt.sig, verification_data) else: assert isinstance(cred_cert_pk, EllipticCurvePublicKey) assert att_stmt.alg is not None hash_algorithm = ECDSA(ec2_hash_algorithm(att_stmt.alg)) cred_cert_pk.verify(att_stmt.sig, verification_data, hash_algorithm) except cryptography.exceptions.InvalidSignature: raise AttestationError( 'Android Key attestation failed: invalid signature') cpk_public_bytes = cpk.public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo) cred_cert_public_bytes = cred_cert_pk.public_bytes( Encoding.DER, PublicFormat.SubjectPublicKeyInfo) if cpk_public_bytes != cred_cert_public_bytes: raise AttestationError( ('Android key attestation failed: certificate public key in ' 'attestation statement must match the ' 'provided credential public key')) try: extension = credential_certificate.extensions.get_extension_for_oid( ObjectIdentifier('1.3.6.1.4.1.11129.2.1.17')) assert isinstance(extension.value, UnrecognizedExtension) except cryptography.x509.ExtensionNotFound: raise AttestationError( 'Android key attestation failed: could not find android key ' 'attestation certificate extension data') try: key_description, _ = decode(extension.value.value, KeyDescription()) except PyAsn1Error: raise AttestationError( 'Android key attestation failed: unable to decode DER-encoded ' 'Android Key Description') attestation_challenge = key_description['attestationChallenge'].asOctets() if attestation_challenge != client_data_hash: raise AttestationError( 'Android key attestation failed: client data hash does not match ' 'value of attestation extension data') all_apps_se = key_description['softwareEnforced']['allApplications'] all_apps_tee = key_description['teeEnforced']['allApplications'] if all_apps_se.hasValue() or all_apps_tee.hasValue(): raise AttestationError( 'Android key attestation failed: the allApplications field must not be ' 'present in the android key description') # TODO: Consider selecting the appropriate AuthorizationList. tee_origin = key_description['teeEnforced']['origin'] tee_purpose = key_description['teeEnforced']['purpose'] if not tee_origin.hasValue() or int(tee_origin) != KM_ORIGIN_GENERATED: raise AttestationError(( 'Android key attestation failed: the teeEnforced origin field must ' 'equal KM_ORIGIN_GENERATED={}').format(KM_ORIGIN_GENERATED)) # TODO: Determine if other purposes are also allowed in this set. if not tee_purpose.hasValue() or tee_purpose.count(KM_PURPOSE_SIGN) == 0: raise AttestationError(( 'Android key attestation failed: the teeEnforced purpose field must ' 'contain KM_PURPOSE_SIGN={}').format(KM_PURPOSE_SIGN)) return AttestationType.BASIC, [credential_certificate]
def test_credentials_backend_request_error(): backend = CredentialsBackend(SuccessCredentialsRegistrar()) challenge = b'challenge' credential_id = b'credential-id' auth_data = authenticator_data( TEST_RP_ID_HASH, (AuthenticatorDataFlag.UP.value | AuthenticatorDataFlag.AT.value | AuthenticatorDataFlag.ED.value), b'\x00' * 4, attested_credential_data( b'z' * 16, len(credential_id), credential_id, cbor2.dumps({ -3: TEST_CREDENTIAL_PUBLIC_KEY.y, -2: TEST_CREDENTIAL_PUBLIC_KEY.x, -1: TEST_CREDENTIAL_PUBLIC_KEY.crv.value, 1: TEST_CREDENTIAL_PUBLIC_KEY.kty.value, 3: TEST_CREDENTIAL_PUBLIC_KEY.alg.value, }), ), cbor2.dumps({ 'appid': True, })) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) expected_challenge = challenge with pytest.raises(CredentialNotAllowedError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, allow_credentials=[ PublicKeyCredentialDescriptor( type=PublicKeyCredentialType.PUBLIC_KEY, id=b'cred-id', ) ]) backend = CredentialsBackend(ExceptionCredentialsRegistrar()) with pytest.raises(RegistrationError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def get_credential_data( self, credential_id: bytes) -> Optional[CredentialData]: return None backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(CredentialDataError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def get_credential_data( self, credential_id: bytes) -> Optional[CredentialData]: return CredentialData(TEST_CREDENTIAL_PUBLIC_KEY, None, user_entity=PublicKeyCredentialUserEntity( name='user', id=b'user-id-mismatch', display_name='username')) backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(UserIDError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(UserHandleError): backend.handle_credential_assertion( credential=public_key_credential, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(RPNotFoundError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def get_credential_data( self, credential_id: bytes) -> Optional[CredentialData]: return CredentialData(TEST_CREDENTIAL_PUBLIC_KEY, None, TEST_USER, rp_entity=PublicKeyCredentialRpEntity( name='example.com', id='mismatch')) backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(RPIDError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def get_credential_data( self, credential_id: bytes) -> Optional[CredentialData]: return CredentialData(TEST_CREDENTIAL_PUBLIC_KEY, None, TEST_USER, TEST_RP) backend = CredentialsBackend(TestCredentialsRegistrar()) backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) public_key_credential_error = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, user_handle=b'mismatch', )) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(UserHandleError): backend.handle_credential_assertion( credential=public_key_credential_error, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) client_data_JSON = json_bytes({ 'type': 'webauthn.create', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(ClientDataTypeError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': '\x90\x91\x92', 'origin': TEST_RP_ORIGIN, }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(DecodingError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': 'mismatch', 'origin': TEST_RP_ORIGIN, }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(ChallengeError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(OriginError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin='https://mismatch', ) with pytest.raises(TokenBindingError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding(status=TokenBindingStatus.SUPPORTED)) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, 'tokenBinding': { 'status': 'supported' } }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) with pytest.raises(TokenBindingError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', )) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, 'tokenBinding': { 'status': 'present', 'id': 'token-binding-id-mismatch', } }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) with pytest.raises(TokenBindingError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', )) with pytest.raises(TokenBindingError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, ) auth_data = authenticator_data( TEST_RP_ID_HASH, (AuthenticatorDataFlag.AT.value | AuthenticatorDataFlag.ED.value), b'\x00' * 4, attested_credential_data( b'z' * 16, len(credential_id), credential_id, cbor2.dumps({ -3: TEST_CREDENTIAL_PUBLIC_KEY.y, -2: TEST_CREDENTIAL_PUBLIC_KEY.x, -1: TEST_CREDENTIAL_PUBLIC_KEY.crv.value, 1: TEST_CREDENTIAL_PUBLIC_KEY.kty.value, 3: TEST_CREDENTIAL_PUBLIC_KEY.alg.value, }), ), cbor2.dumps({ 'appid': True, })) client_data_JSON = json_bytes({ 'type': 'webauthn.get', 'challenge': base64s(challenge), 'origin': TEST_RP_ORIGIN, 'tokenBinding': { 'status': 'present', 'id': 'token-binding-id', } }) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def get_credential_data( self, credential_id: bytes) -> Optional[CredentialData]: return CredentialData( TEST_CREDENTIAL_PUBLIC_KEY, None, TEST_USER, TEST_RP, ) backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(RPIDError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=PublicKeyCredentialRpEntity(name='example.com', id='mismatch.example.com'), expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', ), ) backend = CredentialsBackend(SuccessCredentialsRegistrar()) with pytest.raises(UserPresenceError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', )) auth_data = authenticator_data( TEST_RP_ID_HASH, (AuthenticatorDataFlag.UP.value | AuthenticatorDataFlag.AT.value | AuthenticatorDataFlag.ED.value), b'\x00' * 4, attested_credential_data( b'z' * 16, len(credential_id), credential_id, cbor2.dumps({ -3: TEST_CREDENTIAL_PUBLIC_KEY.y, -2: TEST_CREDENTIAL_PUBLIC_KEY.x, -1: TEST_CREDENTIAL_PUBLIC_KEY.crv.value, 1: TEST_CREDENTIAL_PUBLIC_KEY.kty.value, 3: TEST_CREDENTIAL_PUBLIC_KEY.alg.value, }), ), cbor2.dumps({ 'appid': True, })) signature_algorithm = ECDSA(ec2_hash_algorithm(TEST_COSE_ALG)) signature = TEST_CRYPTOGRAPHY_PRIVATE_KEY.sign( auth_data + hashlib.sha256(client_data_JSON).digest(), signature_algorithm, ) public_key_credential = PublicKeyCredential( id=base64s(credential_id), type='credential-type', raw_id=credential_id, response=AuthenticatorAssertionResponse( client_data_JSON=client_data_JSON, authenticator_data=auth_data, signature=signature, )) with pytest.raises(UserVerificationError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', ), require_user_verification=True, ) with pytest.raises(ExtensionError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', ), expected_extensions={ExtensionIdentifier.TX_AUTH_SIMPLE}, ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def get_credential_data( self, credential_id: bytes) -> Optional[CredentialData]: return CredentialData( TEST_CREDENTIAL_PUBLIC_KEY, 10, TEST_USER, ) backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(SignatureCountError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', ), ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def register_credential_assertion( self, credential: PublicKeyCredential, authenticator_data: AuthenticatorData, user: PublicKeyCredentialUserEntity, rp: PublicKeyCredentialRpEntity) -> Any: raise Exception() backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(RegistrationError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', ), ) class TestCredentialsRegistrar(SuccessCredentialsRegistrar): def register_credential_assertion( self, credential: PublicKeyCredential, authenticator_data: AuthenticatorData, user: PublicKeyCredentialUserEntity, rp: PublicKeyCredentialRpEntity) -> Any: return 'Error' backend = CredentialsBackend(TestCredentialsRegistrar()) with pytest.raises(RegistrationError): backend.handle_credential_assertion( credential=public_key_credential, user=TEST_USER, rp=TEST_RP, expected_challenge=expected_challenge, expected_origin=TEST_RP_ORIGIN, token_binding=TokenBinding( status=TokenBindingStatus.PRESENT, id='token-binding-id', ), )
def test_ec2_hash_algorithm_error(alg): with pytest.raises(AssertionError): ec2_hash_algorithm(alg)
def test_ec2_hash_algorithm_success(alg): ec2_hash_algorithm(alg)