credblobex.py

@@ -1,144 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-#   Redistribution and use in source and binary forms, with or
-#   without modification, are permitted provided that the following
-#   conditions are met:
-#
-#    1. Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#    2. Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-"""
-Connects to the first FIDO device found (starts from USB, then looks into NFC),
-creates a new credential for it, and authenticates the credential.
-This works with both FIDO 2.0 devices as well as with U2F devices.
-On Windows, the native WebAuthn API will be used.
-"""
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client, WindowsClient, UserInteraction
-from fido2.server import Fido2Server
-from getpass import getpass
-import sys
-import ctypes
-
-try:
-    from fido2.pcsc import CtapPcscDevice
-except ImportError:
-    CtapPcscDevice = None
-
-
-def enumerate_devices():
-    for dev in CtapHidDevice.list_devices():
-        yield dev
-    if CtapPcscDevice:
-        for dev in CtapPcscDevice.list_devices():
-            yield dev
-
-
-# Handle user interaction
-class CliInteraction(UserInteraction):
-    def prompt_up(self):
-        print("\nTouch your authenticator device now...\n")
-
-    def request_pin(self, permissions, rd_id):
-        return getpass("Enter PIN: ")
-
-    def request_uv(self, permissions, rd_id):
-        print("User Verification required.")
-        return True
-
-
-uv = "discouraged"
-
-if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
-    # Use the Windows WebAuthn API if available, and we're not running as admin
-    client = WindowsClient("https://example.com")
-else:
-    # Locate a device
-    for dev in enumerate_devices():
-        client = Fido2Client(
-            dev, "https://example.com", user_interaction=CliInteraction()
-        )
-        if client.info.options.get("rk"):
-            break
-    else:
-        print("No Authenticator with support for resident key found!")
-        sys.exit(1)
-
-    # Prefer UV if supported
-    if client.info.options.get("uv"):
-        uv = "preferred"
-        print("Authenticator supports User Verification")
-
-
-server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
-
-user = {"id": b"user_id", "name": "A. User"}
-
-# Prepare parameters for makeCredential
-create_options, state = server.register_begin(
-    user,
-    resident_key_requirement="required",
-    user_verification=uv,
-    authenticator_attachment="cross-platform",
-)
-
-# Create a credential
-result = client.make_credential(create_options["publicKey"])
-
-
-# Complete registration
-auth_data = server.register_complete(
-    state, result.client_data, result.attestation_object
-)
-credentials = [auth_data.credential_data]
-
-print("New credential created!")
-
-print("CLIENT DATA:", result.client_data)
-print("ATTESTATION OBJECT:", result.attestation_object)
-print()
-print("CREDENTIAL DATA:", auth_data.credential_data)
-
-
-# Prepare parameters for getAssertion
-request_options, state = server.authenticate_begin(user_verification=uv)
-
-# Authenticate the credential
-selection = client.get_assertion(request_options["publicKey"])
-result = selection.get_response(0)  # There may be multiple responses, get the first.
-
-print("USER ID:", result.user_handle)
-
-# Complete authenticator
-server.authenticate_complete(
-    state,
-    credentials,
-    result.credential_id,
-    result.client_data,
-    result.authenticator_data,
-    result.signature,
-)
-
-print("Credential authenticated!")
-
-print("CLIENT DATA:", result.client_data)
-print()
-print("AUTHENTICATOR DATA:", result.authenticator_data)

credentailsex.py

@@ -1,137 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-#   Redistribution and use in source and binary forms, with or
-#   without modification, are permitted provided that the following
-#   conditions are met:
-#
-#    1. Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#    2. Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-"""
-Connects to the first FIDO device found (starts from USB, then looks into NFC),
-creates a new credential for it, and authenticates the credential.
-This works with both FIDO 2.0 devices as well as with U2F devices.
-On Windows, the native WebAuthn API will be used.
-"""
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client, WindowsClient, UserInteraction
-from fido2.server import Fido2Server
-from getpass import getpass
-import sys
-import ctypes
-
-
-# Handle user interaction
-class CliInteraction(UserInteraction):
-    def prompt_up(self):
-        print("\nTouch your authenticator device now...\n")
-
-    def request_pin(self, permissions, rd_id):
-        return getpass("Enter PIN: ")
-
-    def request_uv(self, permissions, rd_id):
-        print("User Verification required.")
-        return True
-
-
-uv = "discouraged"
-
-if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
-    # Use the Windows WebAuthn API if available, and we're not running as admin
-    client = WindowsClient("https://example.com")
-else:
-    # Locate a device
-    dev = next(CtapHidDevice.list_devices(), None)
-    if dev is not None:
-        print("Use USB HID channel.")
-    else:
-        try:
-            from fido2.pcsc import CtapPcscDevice
-
-            dev = next(CtapPcscDevice.list_devices(), None)
-            print("Use NFC channel.")
-        except Exception as e:
-            print("NFC channel search error:", e)
-
-    if not dev:
-        print("No FIDO device found")
-        sys.exit(1)
-
-    # Set up a FIDO 2 client using the origin https://example.com
-    client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction())
-
-    # Prefer UV if supported and configured
-    if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"):
-        uv = "preferred"
-        print("Authenticator supports User Verification")
-
-
-server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
-
-user = {"id": b"user_id", "name": "A. User"}
-
-
-# Prepare parameters for makeCredential
-create_options, state = server.register_begin(
-    user, user_verification=uv, authenticator_attachment="cross-platform"
-)
-
-# Create a credential
-result = client.make_credential(create_options["publicKey"])
-
-# Complete registration
-auth_data = server.register_complete(
-    state, result.client_data, result.attestation_object
-)
-credentials = [auth_data.credential_data]
-
-print("New credential created!")
-
-print("CLIENT DATA:", result.client_data)
-print("ATTESTATION OBJECT:", result.attestation_object)
-print()
-print("CREDENTIAL DATA:", auth_data.credential_data)
-
-
-# Prepare parameters for getAssertion
-request_options, state = server.authenticate_begin(credentials, user_verification=uv)
-
-# Authenticate the credential
-result = client.get_assertion(request_options["publicKey"])
-
-# Only one cred in allowCredentials, only one response.
-result = result.get_response(0)
-
-# Complete authenticator
-server.authenticate_complete(
-    state,
-    credentials,
-    result.credential_id,
-    result.client_data,
-    result.authenticator_data,
-    result.signature,
-)
-
-print("Credential authenticated!")
-
-print("CLIENT DATA:", result.client_data)
-print()
-print("AUTH DATA:", result.authenticator_data)