-
Notifications
You must be signed in to change notification settings - Fork 25
Expand file tree
/
Copy pathbasic_ctap2.rs
More file actions
83 lines (72 loc) · 3.15 KB
/
Copy pathbasic_ctap2.rs
File metadata and controls
83 lines (72 loc) · 3.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
use std::time::Duration;
use libwebauthn::ops::webauthn::{GetAssertionRequest, GetAssertionRequestExtensions};
use libwebauthn::proto::ctap2::Ctap2PublicKeyCredentialDescriptor;
use libwebauthn::transport::{Channel, ChannelSettings, Device};
use libwebauthn::webauthn::WebAuthn;
use libwebauthn::UvUpdate;
use libwebauthn::{
ops::webauthn::{MakeCredentialRequest, ResidentKeyRequirement, UserVerificationRequirement},
proto::ctap2::{
Ctap2CredentialType, Ctap2PublicKeyCredentialRpEntity, Ctap2PublicKeyCredentialUserEntity,
},
};
use libwebauthn_tests::virt::get_virtual_device;
use rand::{thread_rng, Rng};
use test_log::test;
use tokio::sync::broadcast::Receiver;
const TIMEOUT: Duration = Duration::from_secs(10);
async fn handle_updates(mut state_recv: Receiver<UvUpdate>) {
// MakeCredential update
assert_eq!(state_recv.recv().await, Ok(UvUpdate::PresenceRequired));
// GetAssertion update
assert_eq!(state_recv.recv().await, Ok(UvUpdate::PresenceRequired));
}
#[test(tokio::test)]
async fn test_webauthn_basic_ctap2() {
let mut device = get_virtual_device();
let user_id: [u8; 32] = thread_rng().gen();
let challenge: [u8; 32] = thread_rng().gen();
println!("Selected HID authenticator: {}", &device);
let mut channel = device.channel(ChannelSettings::default()).await.unwrap();
channel.wink(TIMEOUT).await.unwrap();
// Make Credentials ceremony
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Discouraged),
user_verification: UserVerificationRequirement::Preferred,
algorithms: vec![Ctap2CredentialType::default()],
exclude: None,
extensions: None,
timeout: TIMEOUT,
};
let state_recv = channel.get_ux_update_receiver();
let update_handle = tokio::spawn(handle_updates(state_recv));
let response = channel
.webauthn_make_credential(&make_credentials_request)
.await
.expect("Failed to register credential");
println!("WebAuthn MakeCredential response: {:?}", response);
let credential: Ctap2PublicKeyCredentialDescriptor =
(&response.authenticator_data).try_into().unwrap();
let get_assertion = GetAssertionRequest {
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
top_origin: None,
allow: vec![credential],
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions::default()),
timeout: TIMEOUT,
};
let response = channel
.webauthn_get_assertion(&get_assertion)
.await
.expect("Failed to sign in");
println!("WebAuthn GetAssertion response: {:?}", response);
// Keeping the update-recv alive until the end to check all updates
update_handle.await.unwrap();
}