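from fido2.hid import CtapHidDevice
from fido2.server import Fido2Server
from fido2.webauthn import (
    PublicKeyCredentialRpEntity,
    UserVerificationRequirement,
    PublicKeyCredentialUserEntity,
    PublicKeyCredentialCreationOptions,  # noqa: F401 - kept from the original import list, not used below
)
from fido2.client import Fido2Client
import os
import sys

# Relying Party identity. The RP id must match the origin the client reports
# (ORIGIN below): the server checks the origin carried in clientDataJSON and
# rejects responses produced for any other origin.
RP_ID = "example.com"
RP_NAME = "Example Corporation"
ORIGIN = "https://example.com"

# NOTE(review): the call shapes below (make_credential returning an object with
# .attestation_object/.client_data, register_complete taking client_data and
# attestation_object, authenticate_complete taking six positional arguments)
# follow python-fido2 0.9-1.1. Newer releases pass the whole response object
# instead - confirm against the installed version.


def select_device():
    """Return the first CTAP HID authenticator found, or exit if there is none.

    Returns:
        CtapHidDevice: the selected device.

    Raises:
        SystemExit: status 1 when no authenticator is attached.
    """
    devices = list(CtapHidDevice.list_devices())
    if not devices:
        print("No FIDO devices found")
        sys.exit(1)
    # Demo shortcut: take the first device. A real tool would let the user pick.
    device = devices[0]
    print("Using device:", device)
    return device


def register(server, client, user):
    """Run the WebAuthn registration ceremony and return the new credential data.

    Args:
        server: Fido2Server bound to the RP.
        client: Fido2Client talking to the authenticator.
        user: PublicKeyCredentialUserEntity for the account being enrolled.

    Returns:
        AttestedCredentialData for the created credential. The RP must persist
        this against the user; it is the only thing that can verify later
        assertions.
    """
    # register_begin returns BOTH the options handed to the client AND the
    # server-side state (challenge, user verification requirement, ...).
    # The state belongs to the RP: keep it in the server session, never send it
    # to the client, and consume it exactly once in register_complete.
    registration_data, state = server.register_begin(
        user,
        challenge=os.urandom(32),
        user_verification=UserVerificationRequirement.PREFERRED,
    )

    # Normally the browser does this; here the local client drives the device.
    # The client takes the inner "publicKey" options, not the outer wrapper.
    result = client.make_credential(registration_data["publicKey"])

    # register_complete verifies the challenge, origin and attestation against
    # the stored state before the credential is trusted.
    authenticator_data = server.register_complete(
        state, result.client_data, result.attestation_object
    )
    print("Registration complete")
    print("Authenticator data:", authenticator_data.credential_data)
    return authenticator_data.credential_data


def authenticate(server, client, credentials):
    """Run the WebAuthn authentication ceremony against registered credentials.

    Args:
        server: Fido2Server bound to the RP.
        client: Fido2Client talking to the authenticator.
        credentials: list of AttestedCredentialData previously registered for
            the user. It becomes the allowCredentials list sent to the client
            and the set the assertion is verified against.

    Returns:
        The AttestedCredentialData entry that produced the valid assertion.
    """
    # The server generates a fresh random challenge; as with registration the
    # returned state stays server-side and is used once.
    auth_request, state = server.authenticate_begin(credentials)

    assertion = client.get_assertion(auth_request["publicKey"])
    assertion_response = assertion.get_response(0)

    # authenticate_complete verifies challenge, origin, RP id hash, signature
    # counter and the signature itself, and returns the matching credential.
    matched = server.authenticate_complete(
        state,
        credentials,
        assertion_response.credential_id,
        assertion_response.client_data,
        assertion_response.authenticator_data,
        assertion_response.signature,
    )
    print("Authentication complete")
    print("User handle:", assertion_response.user_handle)
    print("Credential:", matched)
    return matched


def main():
    """Register a credential on the attached authenticator, then authenticate with it."""
    rp = PublicKeyCredentialRpEntity(id=RP_ID, name=RP_NAME)
    server = Fido2Server(rp)

    # The user handle is an opaque random identifier: it is returned by
    # discoverable credentials, so it must not carry PII, and it should be
    # generated once per account and persisted. It is regenerated on every
    # run here only because this is a demo.
    user = PublicKeyCredentialUserEntity(
        id=os.urandom(32),
        name="user@example.com",
        display_name="Example User",
    )

    device = select_device()
    client = Fido2Client(device, ORIGIN)

    credential = register(server, client, user)
    authenticate(server, client, [credential])


if __name__ == "__main__":
    main()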