47 lines
1.6 KiB
Python
47 lines
1.6 KiB
Python
from fido2.hid import CtapHidDevice
|
|
from fido2.client import Fido2Client
|
|
from fido2.server import Fido2Server
|
|
from fido2.webauthn import PublicKeyCredentialRpEntity
|
|
|
|
while True:
|
|
|
|
# Discover FIDO2 devices connected via USB
|
|
devices = list(CtapHidDevice.list_devices())
|
|
if not devices:
|
|
#raise ValueError("No FIDO2 device found")
|
|
pass
|
|
else:
|
|
device = devices[0]
|
|
break
|
|
|
|
# Use the first available device
|
|
client = Fido2Client(device, "https://example.com")
|
|
rp = PublicKeyCredentialRpEntity("example.com", "Example RP")
|
|
server = Fido2Server(rp)
|
|
|
|
# Example: Registration
|
|
user = {"id": b"user_id", "name": "john_doe", "displayName": "John Doe"}
|
|
challenge = server.register_begin(user)
|
|
|
|
print(challenge)
|
|
|
|
# Prompt user to perform registration action on the device
|
|
attestation_object, client_data = client.make_credential(challenge)
|
|
|
|
# Finalize registration on the server
|
|
auth_data = server.register_complete(challenge['state'], client_data, attestation_object)
|
|
|
|
print("Registration complete. Credential ID:", auth_data.credential_data.credential_id)
|
|
|
|
# Example: Authentication
|
|
credentials = [auth_data.credential_data]
|
|
challenge = server.authenticate_begin(credentials)
|
|
|
|
# Prompt user to perform authentication action on the device
|
|
assertion, client_data = client.get_assertion(challenge['publicKey'])
|
|
assertion_response = assertion[0] # Assuming the first assertion (most common scenario)
|
|
|
|
# Finalize authentication on the server
|
|
server.authenticate_complete(challenge['state'], credentials, assertion_response, client_data)
|
|
print("Authentication successful!")
|