AssertionOptions.cs
using System;
using System.Collections.Generic;
using Fido2NetLib.Objects;
using Newtonsoft.Json;
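namespace Fido2NetLib
{
    /// <summary>
    /// Sent to the browser when we want to Assert credentials and authenticate a user
    /// </summary>
    /// <remarks>
    /// NOTE(review): assertion verification presumably compares the client's response against
    /// these options. The copy used for that comparison should be the one the server kept,
    /// not one echoed back by the browser. Confirm against the callers of <see cref="FromJson"/>.
    /// </remarks>
    public class AssertionOptions : Fido2ResponseBase
    {
        /// <summary>
        /// This member represents a challenge that the selected authenticator signs, along with other data, when producing an authentication assertion. See the §13.1 Cryptographic Challenges security consideration.
        /// </summary>
        /// <remarks>
        /// The challenge is what binds a signed assertion to one specific request, so it must be
        /// unpredictable and used for a single ceremony only. This class neither generates it nor
        /// checks its entropy; that is the caller's responsibility.
        /// </remarks>
        [JsonProperty("challenge")]
        [JsonConverter(typeof(Base64UrlConverter))]
        public byte[] Challenge { get; set; }

        /// <summary>
        /// This member specifies a time, in milliseconds, that the caller is willing to wait for the call to complete. This is treated as a hint, and MAY be overridden by the client.
        /// </summary>
        [JsonProperty("timeout")]
        public uint Timeout { get; set; }

        /// <summary>
        /// This OPTIONAL member specifies the relying party identifier claimed by the caller. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain
        /// </summary>
        [JsonProperty("rpId")]
        public string RpId { get; set; }

        /// <summary>
        /// This OPTIONAL member contains a list of PublicKeyCredentialDescriptor objects representing public key credentials acceptable to the caller, in descending order of the caller’s preference (the first item in the list is the most preferred credential, and so on down the list)
        /// </summary>
        /// <remarks>
        /// When this list is built from a user name supplied before authentication, its contents
        /// tell the requester which credentials are registered for that account. Consider whether
        /// that disclosure is acceptable for the deployment.
        /// </remarks>
        [JsonProperty("allowCredentials")]
        public IEnumerable<PublicKeyCredentialDescriptor> AllowCredentials { get; set; }

        /// <summary>
        /// This member describes the Relying Party's requirements regarding user verification for the get() operation. Eligible authenticators are filtered to only those capable of satisfying this requirement
        /// </summary>
        /// <remarks>
        /// This value is a request to the client. A server that requires user verification still
        /// has to check the result reported in the assertion response.
        /// </remarks>
        [JsonProperty("userVerification")]
        public UserVerificationRequirement? UserVerification { get; set; }

        /// <summary>
        /// This OPTIONAL member contains additional parameters requesting additional processing by the client and authenticator. For example, if transaction confirmation is sought from the user, then the prompt string might be included as an extension.
        /// </summary>
        [JsonProperty("extensions", NullValueHandling = NullValueHandling.Ignore)]
        public AuthenticationExtensionsClientInputs Extensions { get; set; }

        /// <summary>
        /// Builds the assertion options for one authentication ceremony from the server configuration and per-request values.
        /// </summary>
        /// <param name="config">Server configuration; supplies <c>Timeout</c> and <c>ServerDomain</c> (used as the RP ID).</param>
        /// <param name="challenge">The challenge bytes for this ceremony. Must be non-null and non-empty.</param>
        /// <param name="allowedCredentials">Credentials acceptable for this request; <c>null</c> is replaced by an empty list.</param>
        /// <param name="userVerification">The user-verification requirement to request, or <c>null</c> to leave it unset.</param>
        /// <param name="extensions">Optional extension inputs; omitted from the JSON when <c>null</c>.</param>
        /// <returns>A populated <see cref="AssertionOptions"/> with <c>Status</c> set to "ok".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="config"/> or <paramref name="challenge"/> is <c>null</c>.</exception>
        /// <exception cref="ArgumentException"><paramref name="challenge"/> is empty.</exception>
        public static AssertionOptions Create(Fido2Configuration config, byte[] challenge, IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials, UserVerificationRequirement? userVerification, AuthenticationExtensionsClientInputs extensions)
        {
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            // An options object without a challenge would request an assertion that is not bound
            // to any particular request, so refuse to build one rather than send it to the browser.
            if (challenge == null)
            {
                throw new ArgumentNullException(nameof(challenge));
            }

            if (challenge.Length == 0)
            {
                throw new ArgumentException("Challenge must not be empty.", nameof(challenge));
            }

            // Only presence is checked here. The WebAuthn specification recommends challenges of
            // at least 16 bytes from a cryptographically secure random source; enforcing that is
            // left to the code that generates the challenge.
            return new AssertionOptions()
            {
                Status = "ok",
                ErrorMessage = string.Empty,
                Challenge = challenge,
                Timeout = config.Timeout,
                RpId = config.ServerDomain,
                // An empty list (rather than null) is sent when no credentials are specified.
                AllowCredentials = allowedCredentials ?? new List<PublicKeyCredentialDescriptor>(),
                UserVerification = userVerification,
                Extensions = extensions
            };
        }

        /// <summary>
        /// Serializes this instance to JSON using <see cref="JsonConvert"/> without explicit settings.
        /// </summary>
        /// <returns>The JSON representation of these options.</returns>
        public string ToJson()
        {
            return JsonConvert.SerializeObject(this);
        }

        /// <summary>
        /// Deserializes an <see cref="AssertionOptions"/> from JSON using <see cref="JsonConvert"/> without explicit settings.
        /// </summary>
        /// <param name="json">JSON text, as produced by <see cref="ToJson"/>.</param>
        /// <returns>The deserialized options.</returns>
        /// <remarks>
        /// No settings are passed, so any application-wide <c>JsonConvert.DefaultSettings</c> also
        /// applies to this call. NOTE(review): confirm those defaults are safe if the input can
        /// ever come from outside the server's own storage.
        /// </remarks>
        public static AssertionOptions FromJson(string json)
        {
            return JsonConvert.DeserializeObject<AssertionOptions>(json);
        }
    }
}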