141 lines
4.2 KiB
Python
141 lines
4.2 KiB
Python
import time
|
|
|
|
import pickle
|
|
|
|
import fido2.webauthn
|
|
from fido2.hid import CtapHidDevice
|
|
from fido2.client import Fido2Client, WindowsClient, UserInteraction
|
|
from fido2.server import Fido2Server
|
|
from getpass import getpass
|
|
import sys
|
|
import ctypes
|
|
from fido2.ctap2 import Ctap2
|
|
|
|
|
|
class CliInteraction(UserInteraction):
|
|
def prompt_up(self):
|
|
print("\nTouch your authenticator device now...\n")
|
|
|
|
def request_pin(self, permissions, rd_id):
|
|
return getpass("Enter PIN: ")
|
|
|
|
def request_uv(self, permissions, rd_id):
|
|
print("User Verification required.")
|
|
return True
|
|
|
|
|
|
uv = "discouraged"
|
|
|
|
if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
|
|
# Use the Windows WebAuthn API if available, and we're not running as admin
|
|
client = WindowsClient("https://example.com")
|
|
else:
|
|
# Locate a device
|
|
dev = next(CtapHidDevice.list_devices(), None)
|
|
if dev is not None:
|
|
print("Use USB HID channel.")
|
|
else:
|
|
try:
|
|
from fido2.pcsc import CtapPcscDevice
|
|
|
|
dev = next(CtapPcscDevice.list_devices(), None)
|
|
print("Use NFC channel.")
|
|
except Exception as e:
|
|
print("NFC channel search error:", e)
|
|
|
|
if not dev:
|
|
print("No FIDO device found")
|
|
sys.exit(1)
|
|
|
|
# Set up a FIDO 2 client using the origin https://example.com
|
|
client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction())
|
|
|
|
# Prefer UV if supported and configured
|
|
if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"):
|
|
uv = "preferred"
|
|
print("Authenticator supports User Verification")
|
|
|
|
server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
|
|
|
|
user = {"id": b"user_id", "name": "A. User"}
|
|
|
|
# Prepare parameters for makeCredential
|
|
create_options, state = server.register_begin(
|
|
user, user_verification=uv, authenticator_attachment="cross-platform"
|
|
)
|
|
|
|
# Create a credential
|
|
result = client.make_credential(create_options["publicKey"])
|
|
|
|
# Complete registration
|
|
auth_data = server.register_complete(
|
|
state, result.client_data, result.attestation_object
|
|
)
|
|
credentials = [auth_data.credential_data]
|
|
|
|
AAGUID = auth_data.credential_data.aaguid
|
|
cred_id = auth_data.credential_data.credential_id
|
|
pk_algo = auth_data.credential_data.public_key.ALGORITHM
|
|
pk_1 = auth_data.credential_data.public_key.get(1)
|
|
pk_3 = auth_data.credential_data.public_key.get(3)
|
|
pk__1 = auth_data.credential_data.public_key.get(-1)
|
|
pk__2 = auth_data.credential_data.public_key.get(-2)
|
|
pk__3 = auth_data.credential_data.public_key.get(-3)
|
|
pickled = pickle.dumps(credentials)
|
|
|
|
import psycopg2
|
|
|
|
# Replace these variables with your connection parameters
|
|
dbname = "CNSA-276-FP-DAS"
|
|
user = "FP-DEV-USER"
|
|
password = "purchase-immortal-prescribe-repave-detention-seizing-candied-antiques-episode-list"
|
|
host = "postgres.eggtech.net"
|
|
|
|
|
|
# Function to connect to the PostgreSQL database and insert data
|
|
def insert_data(aaguid, cred_id, pk_algo, pk_1, pk_3, pk__1, pk__2, pk__3):
|
|
conn = None
|
|
try:
|
|
# Connect to the PostgreSQL server
|
|
conn = psycopg2.connect(dbname=dbname, user=user, password=password, host=host)
|
|
cur = conn.cursor()
|
|
# Define the SQL query for inserting data
|
|
insert_query = '''
|
|
INSERT INTO credential_data ("AAGUID", "credential_id", "pk_algo", "pk_1", "pk_3", "pk_neg1", "pk_neg2", "pk_neg3", "pickled")
|
|
VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s);
|
|
'''
|
|
|
|
# Execute the SQL query
|
|
cur.execute(insert_query, (aaguid, cred_id, pk_algo, pk_1, pk_3, pk__1, pk__2, pk__3, pickled))
|
|
|
|
# Commit the changes
|
|
conn.commit()
|
|
|
|
# Close communication with the database
|
|
cur.close()
|
|
except (Exception, psycopg2.DatabaseError) as error:
|
|
print(error)
|
|
finally:
|
|
if conn is not None:
|
|
conn.close()
|
|
|
|
|
|
# Assuming auth_data is defined and you've extracted your data as you've shown above
|
|
insert_data(
|
|
AAGUID,
|
|
cred_id,
|
|
pk_algo,
|
|
pk_1,
|
|
pk_3,
|
|
pk__1,
|
|
pk__2,
|
|
pk__3
|
|
)
|
|
|
|
print("New credential created!")
|
|
|
|
print("CLIENT DATA:", result.client_data)
|
|
print("ATTESTATION OBJECT:", result.attestation_object)
|
|
print()
|
|
print("CREDENTIAL DATA:", auth_data.credential_data)
|