diff --git a/src/Core/Abstractions/IFido2AuthenticatorService.cs b/src/Core/Abstractions/IFido2AuthenticatorService.cs
new file mode 100644
index 0000000000..b6b160928f
--- /dev/null
+++ b/src/Core/Abstractions/IFido2AuthenticatorService.cs
@@ -0,0 +1,9 @@
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Abstractions
+{
+ public interface IFido2AuthenticatorService
+ {
+ Task GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams);
+ }
+}
diff --git a/src/Core/Services/Fido2AuthenticatorService.cs b/src/Core/Services/Fido2AuthenticatorService.cs
new file mode 100644
index 0000000000..d0747f3fbe
--- /dev/null
+++ b/src/Core/Services/Fido2AuthenticatorService.cs
@@ -0,0 +1,18 @@
+using Bit.Core.Abstractions;
+using Bit.Core.Utilities.Fido2;
+
+namespace Bit.Core.Services
+{
+ public class Fido2AuthenticatorService : IFido2AuthenticatorService
+ {
+ public Task GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams)
+ {
+ // TODO: IMPLEMENT this
+ return Task.FromResult(new Fido2AuthenticatorGetAssertionResult
+ {
+ AuthenticatorData = new byte[32],
+ Signature = new byte[8]
+ });
+ }
+ }
+}
diff --git a/src/Core/Utilities/Fido2/Fido2AuthenticatorGetAssertionParams.cs b/src/Core/Utilities/Fido2/Fido2AuthenticatorGetAssertionParams.cs
index ab6fe1e3ab..803815c926 100644
--- a/src/Core/Utilities/Fido2/Fido2AuthenticatorGetAssertionParams.cs
+++ b/src/Core/Utilities/Fido2/Fido2AuthenticatorGetAssertionParams.cs
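Review bot: `GetAssertionAsync` on the new interface has no doc comment, so the contract that implementers and callers rely on (what the task yields, and which exception signals a refused or unsupported request) is stated nowhere. The test added in this commit expects a throw for empty parameters, which suggests failure is meant to surface as an exception rather than a null result; a `/// <summary>` saying so, plus an `<exception>` entry, would pin that down. As shown on this page the return type is the non-generic `Task`, which would hide the assertion result from callers; that may be an artifact of how the page was rendered, so it is worth confirming against the file.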
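Review bot: The placeholder body of `Fido2AuthenticatorService.GetAssertionAsync` returns a success-shaped result with zero-filled `AuthenticatorData` and `Signature`, so any caller wired up before the real implementation lands cannot tell it apart from a completed assertion. A stub in an authentication path should fail closed: `throw new NotImplementedException();` in place of the `Task.FromResult(...)` return, which also agrees with the test in this commit that expects the call to throw. The 32-byte buffer is also shorter than WebAuthn authenticator data can be (RP ID hash, flags and signature counter come to 37 bytes), so the value is not even a parseable stand-in.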
@@ -2,11 +2,21 @@ { public class Fido2AuthenticatorGetAssertionParams { + /** The caller’s RP ID, as determined by the user agent and the client. */ public string RpId { get; set; } - public string CredentialId { get; set; } + /** The hash of the serialized client data, provided by the client. */ + public byte[] Hash {get; set;} - public string Counter { get; set; } + public PublicKeyCredentialDescriptor[] AllowCredentialDescriptorList {get; set;} + + /** The effective user verification requirement for assertion, a Boolean value provided by the client. */ + public bool RequireUserVerification {get; set;} + + /** CTAP2 authenticators support setting this to false, but we only support the WebAuthn authenticator model which does not have that option. */ + // public bool RequireUserPresence {get; set;} // Always required + + public object Extensions {get; set;} } }
diff --git a/src/Core/Utilities/Fido2/PublicKeyCredentialDescriptor.cs b/src/Core/Utilities/Fido2/PublicKeyCredentialDescriptor.cs
new file mode 100644
index 0000000000..07e3d601b4
--- /dev/null
+++ b/src/Core/Utilities/Fido2/PublicKeyCredentialDescriptor.cs
@@ -0,0 +1,9 @@
+namespace Bit.Core.Utilities.Fido2
+{
+ public class PublicKeyCredentialDescriptor {
+ public byte[] Id {get; set;}
+ public string[] Transports;
+ public string Type;
+ }
+}
+
diff --git a/test/Core.Test/Services/Fido2AuthenticatorTests.cs b/test/Core.Test/Services/Fido2AuthenticatorTests.cs
new file mode 100644
index 0000000000..f81cf35496
--- /dev/null
+++ b/test/Core.Test/Services/Fido2AuthenticatorTests.cs
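Review bot: `RequireUserVerification` and `AllowCredentialDescriptorList` in `Fido2AuthenticatorGetAssertionParams` both fall back to the permissive value when a caller leaves them unset (`false` and `null`), and nothing in the class says how the authenticator is meant to treat that. Since the service is still a stub, this is the place to fix the meaning before code depends on it. `AllowCredentialDescriptorList` and `Extensions` are the only members without a comment; I would add one to the list along the lines of `/** Credentials the relying party will accept for this assertion; say here whether null and empty are treated the same. */`. `Extensions` typed as `object` gives implementers no hint of the expected shape, so a short comment naming what it will carry would help too.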
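Review bot: `Transports` and `Type` are declared as public fields while `Id` is an auto-property, so the three members of `PublicKeyCredentialDescriptor` behave differently under reflection-based tooling; `System.Text.Json`, for one, skips fields unless configured to include them. Whether this type is serialized or bound is not visible from this hunk, but if it is, a descriptor would round-trip with only `Id` populated. Declaring them as `public string[] Transports { get; set; }` and `public string Type { get; set; }` keeps the class uniform and avoids that.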
@@ -0,0 +1,38 @@
+using Bit.Core.Abstractions;
+using Bit.Core.Exceptions;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using NSubstitute.ExceptionExtensions;
+using Xunit;
+
+namespace Bit.Core.Test.Services
+{
+ public class Fido2AuthenticatorTests
+ {
+ [Theory]
+ public async Task GetAssertionAsync_Throws_InputIsMissingSupportedAlgorithm(Fido2AuthenticatorService sut)
+ {
+ await Assert.ThrowsAsync(async () => await sut.GetAssertionAsync(new Fido2AuthenticatorGetAssertionParams()));
+ }
+
+ // it("should throw error when input does not contain any supported algorithms", async () => {
+ // const result = async () =>
+ // await authenticator.makeCredential(invalidParams.unsupportedAlgorithm, tab);
+
+ // await expect(result).rejects.toThrowError(Fido2AuthenticatorErrorCode.NotSupported);
+ // });
+
+ private Fido2AuthenticatorGetAssertionParams GetAssertionParams()
+ {
+ return new Fido2AuthenticatorGetAssertionParams
+ {
+ RpId = "test",
+ Counter = 0,
+ CredentialId = new byte[32]
+ };
+ }
+ }
+}
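Review bot: The `GetAssertionParams()` helper assigns `Counter` and `CredentialId`, which this same commit removes from `Fido2AuthenticatorGetAssertionParams`, so the test project should not compile as written. The initializer needs the new members instead, for example `Hash = new byte[32],` and `AllowCredentialDescriptorList = new PublicKeyCredentialDescriptor[0]`, and the file has no `using Bit.Core.Utilities.Fido2;` for those types unless a global using supplies it. Separately, the `[Theory]` carries no data attribute to provide `sut`, and the helper is never called by the one test present. The test name and the commented-out block both describe unsupported algorithms in `makeCredential`, which is not what a get-assertion call with empty parameters exercises, so the name should follow whatever failure the test is really meant to pin.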