From 6c37079876a696baec94564b1d966009fd907ec5 Mon Sep 17 00:00:00 2001
From: caschick221
Date: Thu, 2 May 2024 14:47:20 -0400
Subject: [PATCH] seperated register and main

---
Register.py | 140 +++++++++++++++++++++++++++
main.py | 269 +++++++++++++++------------------------------------
2 files changed, 214 insertions(+), 195 deletions(-)
create mode 100644 Register.py

diff --git a/Register.py b/Register.py
new file mode 100644
index 0000000..c8e2801
--- /dev/null
+++ b/Register.py
@@ -0,0 +1,140 @@ +import time + +import pickle + +import fido2.webauthn +from fido2.hid import CtapHidDevice +from fido2.client import Fido2Client, WindowsClient, UserInteraction +from fido2.server import Fido2Server +from getpass import getpass +import sys +import ctypes +from fido2.ctap2 import Ctap2 + + +class CliInteraction(UserInteraction): + def prompt_up(self): + print("\nTouch your authenticator device now...\n") + + def request_pin(self, permissions, rd_id): + return getpass("Enter PIN: ") + + def request_uv(self, permissions, rd_id): + print("User Verification required.") + return True + + +uv = "discouraged" + +if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin(): + # Use the Windows WebAuthn API if available, and we're not running as admin + client = WindowsClient("https://example.com") +else: + # Locate a device + dev = next(CtapHidDevice.list_devices(), None) + if dev is not None: + print("Use USB HID channel.") + else: + try: + from fido2.pcsc import CtapPcscDevice + + dev = next(CtapPcscDevice.list_devices(), None) + print("Use NFC channel.") + except Exception as e: + print("NFC channel search error:", e) + + if not dev: + print("No FIDO device found") + sys.exit(1) + + # Set up a FIDO 2 client using the origin https://example.com + client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction()) + + # Prefer UV if supported and configured + if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"): + uv = "preferred" + print("Authenticator supports User Verification") + +server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct") + +user = {"id": b"user_id", "name": "A. 
User"} + +# Prepare parameters for makeCredential +create_options, state = server.register_begin( + user, user_verification=uv, authenticator_attachment="cross-platform" +) + +# Create a credential +result = client.make_credential(create_options["publicKey"]) + +# Complete registration +auth_data = server.register_complete( + state, result.client_data, result.attestation_object +) +credentials = [auth_data.credential_data] + +AAGUID = auth_data.credential_data.aaguid +cred_id = auth_data.credential_data.credential_id +pk_algo = auth_data.credential_data.public_key.ALGORITHM +pk_1 = auth_data.credential_data.public_key.get(1) +pk_3 = auth_data.credential_data.public_key.get(3) +pk__1 = auth_data.credential_data.public_key.get(-1) +pk__2 = auth_data.credential_data.public_key.get(-2) +pk__3 = auth_data.credential_data.public_key.get(-3) +pickled = pickle.dumps(credentials) + +import psycopg2 + +# Replace these variables with your connection parameters +dbname = "CNSA-276-FP-DAS" +user = "FP-DEV-USER" +password = "purchase-immortal-prescribe-repave-detention-seizing-candied-antiques-episode-list" +host = "postgres.eggtech.net" + + +# Function to connect to the PostgreSQL database and insert data +def insert_data(aaguid, cred_id, pk_algo, pk_1, pk_3, pk__1, pk__2, pk__3): + conn = None + try: + # Connect to the PostgreSQL server + conn = psycopg2.connect(dbname=dbname, user=user, password=password, host=host) + cur = conn.cursor() + # Define the SQL query for inserting data + insert_query = ''' + INSERT INTO credential_data ("AAGUID", "credential_id", "pk_algo", "pk_1", "pk_3", "pk_neg1", "pk_neg2", "pk_neg3", "pickled") + VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s); + ''' + + # Execute the SQL query + cur.execute(insert_query, (aaguid, cred_id, pk_algo, pk_1, pk_3, pk__1, pk__2, pk__3, pickled)) + + # Commit the changes + conn.commit() + + # Close communication with the database + cur.close() + except (Exception, psycopg2.DatabaseError) as error: + print(error) + 
finally: + if conn is not None: + conn.close() + + +# Assuming auth_data is defined and you've extracted your data as you've shown above +insert_data( + AAGUID, + cred_id, + pk_algo, + pk_1, + pk_3, + pk__1, + pk__2, + pk__3 +) + +print("New credential created!") + +print("CLIENT DATA:", result.client_data) +print("ATTESTATION OBJECT:", result.attestation_object) +print() +print("CREDENTIAL DATA:", auth_data.credential_data) diff --git a/main.py b/main.py index 9fb17fc..dcbc8fc 100644 --- a/main.py +++ b/main.py 
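Review bot: The new Register.py commits live database credentials — `user = "FP-DEV-USER"`, `password = "purchase-immortal-…"` and `host = "postgres.eggtech.net"` — to version control, so that password should be treated as leaked and rotated now, and the values read from the environment instead, e.g. `password = os.environ["FP_DB_PASSWORD"]` (with `import os` at the top of the file, where the mid-file `import psycopg2` also belongs). Reassigning `user` to the DB login also shadows the WebAuthn `user` dict defined a few lines earlier; it happens after `register_begin` has consumed the dict, so it is not a functional bug here, but renaming it to `db_user` avoids the trap. The same row stores `pickle.dumps(credentials)`; python-fido2's `AttestedCredentialData` is a bytes subclass, so `bytes(auth_data.credential_data)` serializes it without forcing the read side to unpickle database content. The row is also keyed on the AAGUID, which identifies the authenticator model rather than a credential, so two users with the same model of key collide on lookup — `credential_id` (or a user id) is the natural key.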
@@ -73,69 +73,13 @@ while True: def request_uv(self, permissions, rd_id): print("User Verification required.") return True - if REGISTER: + try: + server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct") uv = "discouraged" - if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin(): - # Use the Windows WebAuthn API if available, and we're not running as admin - client = WindowsClient("https://example.com") - else: - # Locate a device - dev = next(CtapHidDevice.list_devices(), None) - if dev is not None: - print("Use USB HID channel.") - else: - try: - from fido2.pcsc import CtapPcscDevice - - dev = next(CtapPcscDevice.list_devices(), None) - print("Use NFC channel.") - except Exception as e: - print("NFC channel search error:", e) - - if not dev: - print("No FIDO device found") - sys.exit(1) - - # Set up a FIDO 2 client using the origin https://example.com - client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction()) - - # Prefer UV if supported and configured - if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"): - uv = "preferred" - print("Authenticator supports User Verification") - - - server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct") - - user = {"id": b"user_id", "name": "A. 
User"} - - - # Prepare parameters for makeCredential - create_options, state = server.register_begin( - user, user_verification=uv, authenticator_attachment="cross-platform" - ) - - # Create a credential - result = client.make_credential(create_options["publicKey"]) - - # Complete registration - auth_data = server.register_complete( - state, result.client_data, result.attestation_object - ) - credentials = [auth_data.credential_data] - - AAGUID = auth_data.credential_data.aaguid - cred_id = auth_data.credential_data.credential_id - pk_algo = auth_data.credential_data.public_key.ALGORITHM - pk_1 = auth_data.credential_data.public_key.get(1) - pk_3 = auth_data.credential_data.public_key.get(3) - pk__1 = auth_data.credential_data.public_key.get(-1) - pk__2 = auth_data.credential_data.public_key.get(-2) - pk__3 = auth_data.credential_data.public_key.get(-3) - pickled = pickle.dumps(credentials) - + # Set up a FIDO 2 client using the origin https://example.com + client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction()) import psycopg2 
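Review bot: The new `client = Fido2Client(dev, "https://example.com", …)` line relies on `dev` even though this hunk removes the device-discovery code that used to bind it; unless `dev` is assigned earlier in the `while True:` loop, outside this hunk, the line raises NameError, and the blanket `except Exception: pass` that now closes the loop body (in the last hunk) hides that completely. The authentication side also hard-codes `uv = "discouraged"`, whereas Register.py upgrades to `"preferred"` when the authenticator reports `uv` or `pinUvAuthToken`; with `"discouraged"` a possessed key asserts without PIN or biometric, so if user verification is meant to be a factor here it has to be `"required"` at authentication time, not only negotiated at registration. The `try:` opened here and the `server`/`uv` assignments are re-executed on every loop iteration; hoisting them above the loop would also narrow the exception boundary. The enclosing loop body starts before this hunk.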
@@ -145,25 +89,43 @@ while True: password = "purchase-immortal-prescribe-repave-detention-seizing-candied-antiques-episode-list" host = "postgres.eggtech.net" + # Define the SQL query for retrieving data + select_query = ''' + SELECT "AAGUID", credential_id, pk_algo, pk_1, pk_3, pk_neg1, pk_neg2, pk_neg3, pickled + FROM credential_data + WHERE "AAGUID" = %s; + ''' - # Function to connect to the PostgreSQL database and insert data - def insert_data(aaguid, cred_id, pk_algo, pk_1, pk_3, pk__1, pk__2, pk__3): + + # Function to connect to the PostgreSQL database and retrieve data + def fetch_data(aaguid): conn = None try: # Connect to the PostgreSQL server conn = psycopg2.connect(dbname=dbname, user=user, password=password, host=host) cur = conn.cursor() - # Define the SQL query for inserting data - insert_query = ''' - INSERT INTO credential_data ("AAGUID", "credential_id", "pk_algo", "pk_1", "pk_3", "pk_neg1", "pk_neg2", "pk_neg3", "pickled") - VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s); - ''' # Execute the SQL query - cur.execute(insert_query, (aaguid, cred_id, pk_algo, pk_1, pk_3, pk__1, pk__2, pk__3, pickled)) + cur.execute(select_query, (gotAaguid,)) - # Commit the changes - conn.commit() + # Fetch the results + result = cur.fetchone() + if result: + data = { + "AAGUID": result[0], + "credential_id": result[1], + "pk_algo": result[2], + "pk_1": result[3], + "pk_3": result[4], + "pk_neg1": result[5], + "pk_neg2": result[6], + "pk_neg3": result[7], + "pickled": result[8] + } + return data + else: + print("No data found for AAGUID:", aaguid) + return None # Close communication with the database cur.close() 
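Review bot: `fetch_data(aaguid)` ignores its own parameter and executes `cur.execute(select_query, (gotAaguid,))`; unless `gotAaguid` is bound elsewhere in main.py (not visible in this hunk) this is a NameError swallowed by the function's own `except (Exception, psycopg2.DatabaseError)`, and even if it is bound, the `aaguid` argument is dead — it should be `cur.execute(select_query, (aaguid,))`. Keying the lookup on `"AAGUID" = %s` is the deeper problem: the AAGUID identifies an authenticator model, not a credential, so once two keys of the same model are registered `fetchone()` returns whichever row comes first and the wrong user's credential ends up in `allowCredentials`; query by `credential_id` (or by the user's id) instead. The `cur.close()` after the `return data`/`return None` branches is unreachable; `with conn.cursor() as cur:` closes it on every path. `fetch_data`'s `finally:` block lies in the next hunk.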
@@ -173,133 +135,50 @@ while True: if conn is not None: conn.close() - # Assuming auth_data is defined and you've extracted your data as you've shown above - insert_data( - AAGUID, - cred_id, - pk_algo, - pk_1, - pk_3, - pk__1, - pk__2, - pk__3 + + # Example usage: Fetch data for a specific AAGUID and store in variables + aaguid_data = fetch_data("your_specific_aaguid_here") + + if aaguid_data: + # Store each piece of data into a separate variable + testa = aaguid_data["AAGUID"] + cred_id = aaguid_data["credential_id"] + pk_algo = aaguid_data["pk_algo"] + pk_1 = aaguid_data["pk_1"] + pk_3 = aaguid_data["pk_3"] + pk_neg1 = aaguid_data["pk_neg1"] + pk_neg2 = aaguid_data["pk_neg2"] + pk_neg3 = aaguid_data["pk_neg3"] + pickled = aaguid_data["pickled"] + + + credentials = pickle.loads(pickled) + + + # Prepare parameters for getAssertion + request_options, state = server.authenticate_begin(credentials, user_verification=uv) + + # Authenticate the credential + result = client.get_assertion(request_options["publicKey"]) + + # Only one cred in allowCredentials, only one response. 
+ result = result.get_response(0) + + # Complete authenticator + server.authenticate_complete( + state, + + credentials, + result.credential_id, + result.client_data, + result.authenticator_data, + result.signature, ) - - - print("New credential created!") + print("Credential authenticated!") print("CLIENT DATA:", result.client_data) - print("ATTESTATION OBJECT:", result.attestation_object) print() - print("CREDENTIAL DATA:", auth_data.credential_data) - - else: - try: - server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct") - uv = "discouraged" - - # Set up a FIDO 2 client using the origin https://example.com - client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction()) - - import psycopg2 - - # Replace these variables with your connection parameters - dbname = "CNSA-276-FP-DAS" - user = "FP-DEV-USER" - password = "purchase-immortal-prescribe-repave-detention-seizing-candied-antiques-episode-list" - host = "postgres.eggtech.net" - - # Define the SQL query for retrieving data - select_query = ''' - SELECT "AAGUID", credential_id, pk_algo, pk_1, pk_3, pk_neg1, pk_neg2, pk_neg3, pickled - FROM credential_data - WHERE "AAGUID" = %s; - ''' - - - # Function to connect to the PostgreSQL database and retrieve data - def fetch_data(aaguid): - conn = None - try: - # Connect to the PostgreSQL server - conn = psycopg2.connect(dbname=dbname, user=user, password=password, host=host) - cur = conn.cursor() - - # Execute the SQL query - cur.execute(select_query, (gotAaguid,)) - - # Fetch the results - result = cur.fetchone() - if result: - data = { - "AAGUID": result[0], - "credential_id": result[1], - "pk_algo": result[2], - "pk_1": result[3], - "pk_3": result[4], - "pk_neg1": result[5], - "pk_neg2": result[6], - "pk_neg3": result[7], - "pickled": result[8] - } - return data - else: - print("No data found for AAGUID:", aaguid) - return None - - # Close communication with the database - cur.close() - except (Exception, 
psycopg2.DatabaseError) as error: - print(error) - finally: - if conn is not None: - conn.close() - - - # Example usage: Fetch data for a specific AAGUID and store in variables - aaguid_data = fetch_data("your_specific_aaguid_here") - - if aaguid_data: - # Store each piece of data into a separate variable - testa = aaguid_data["AAGUID"] - cred_id = aaguid_data["credential_id"] - pk_algo = aaguid_data["pk_algo"] - pk_1 = aaguid_data["pk_1"] - pk_3 = aaguid_data["pk_3"] - pk_neg1 = aaguid_data["pk_neg1"] - pk_neg2 = aaguid_data["pk_neg2"] - pk_neg3 = aaguid_data["pk_neg3"] - pickled = aaguid_data["pickled"] - - - credentials = pickle.loads(pickled) - - - # Prepare parameters for getAssertion - request_options, state = server.authenticate_begin(credentials, user_verification=uv) - - # Authenticate the credential - result = client.get_assertion(request_options["publicKey"]) - - # Only one cred in allowCredentials, only one response. - result = result.get_response(0) - - # Complete authenticator - server.authenticate_complete( - state, - - credentials, - result.credential_id, - result.client_data, - result.authenticator_data, - result.signature, - ) - - print("Credential authenticated!") - - print("CLIENT DATA:", result.client_data) - print() - print("AUTH DATA:", result.authenticator_data) - except Exception as e: - pass \ No newline at end of file + print("AUTH DATA:", result.authenticator_data) + except Exception as e: + pass \ No newline at end of file
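Review bot: `credentials = pickle.loads(pickled)` deserializes a blob fetched from the shared database on the machine that performs authentication, so anyone who can write that `pickled` column (a compromised DB host, the shared `FP-DEV-USER` login, an injection elsewhere) gets arbitrary code execution on the verifier; python-fido2's `AttestedCredentialData` is a bytes subclass, so the row can hold `bytes(cred)` and be rehydrated with `credentials = [AttestedCredentialData(blob)]` without pickle at all. The trailing `except Exception as e: pass` also swallows a failed `server.authenticate_complete(...)` — a bad signature, wrong RP ID hash or stale challenge prints nothing and the loop simply continues; at minimum log it, e.g. `except Exception as e: print("Authentication failed:", e)`, so that `print("Credential authenticated!")` is not the only observable outcome. The return value of `authenticate_complete` is discarded and `result.authenticator_data.counter` is never compared against a stored value, so a cloned authenticator cannot be detected; python-fido2's `Fido2Server` does not persist or compare the counter for you. `fetch_data("your_specific_aaguid_here")` is still a placeholder, so as written nothing is ever fetched and the `if aaguid_data:` block is skipped.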