forked from GramThanos/WebDevAuthn
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcredential-get.html
More file actions
407 lines (383 loc) · 19.8 KB
/
credential-get.html
File metadata and controls
407 lines (383 loc) · 19.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>WebDevAuthn - Credentials Get</title>
<meta name="description" content="Testing WebAuthn/FIDO2 Javascript API requests and responses">
<meta name="author" content="UNIPI - FIDO Project 2021">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="css/fontawesome-all.min.css">
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/jsNotify.bootstrap.css">
<link rel="stylesheet" href="css/jsonTree.css">
<link rel="stylesheet" href="css/webapp.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
<div class="container">
<a class="navbar-brand" href="index.html"><i class="fas fa-hashtag"></i> WebDevAuthn</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="index.html"><i class="fas fa-home"></i> Home</a>
</li>
<li class="nav-item">
<a class="nav-link" href="key-management.html"><i class="fas fa-key"></i> Key Management</a>
</li>
<li class="nav-item">
<a class="nav-link" href="credential-creation.html"><i class="fas fa-angle-double-up"></i> Credential Creation</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="credential-get.html"><i class="fas fa-angle-double-down"></i> Credential Get <span class="sr-only">(current)</span></a>
</li>
<li class="nav-item">
<a class="nav-link" href="web-injector.html"><i class="fas fa-code"></i> Web Injector</a>
</li>
</ul>
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link" href="about.html"><i class="fas fa-info-circle"></i> About</a>
</li>
</ul>
</div>
</div>
</nav>
<!-- Page Title -->
<div class="main-page-title">
<div class="container">
<i class="fas fa-angle-double-down"></i> Credential Get
</div>
</div>
<!-- Content -->
<div class="main-container">
<div class="container">
<!-- Browser Support { -->
<div class="row">
<div class="col-12" id="webauthn-support" style="display: none;">
<div class="alert alert-warning" role="alert">
Checking browser's WebAuthn support ...
</div>
</div>
<script src="js/webauthn-support.js"></script>
</div>
<!-- } Browser Support -->
<div class="row">
<div class="col-12">
<p>
Here you can prepare custom options and then launch WebAuthn credential get requests to retrieve credentials created using your authenticator devices. The information below are based on the <a href="https://www.w3.org/TR/webauthn/" target="_blank">WebAuthn specification</a>.
</p>
</div>
<div class="col-12 col-md-6 gui-custom-options">
<!-- Challenge -->
<div class="card">
<div class="card-body">
<h5 class="card-title"><i class="fas fa-dice"></i> Randomized Challenge</h5>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="Randomized challenge generated by the relay party server, to avoid replay attacks. Should not be guessable, thus it SHOULD be at least 16 bytes long."></i> <span class="badge badge-success">REQUIRED</span></div>
<label for="credential-get-challenge">challenge</label>
<input type="text" class="form-control" id="credential-get-challenge" value="">
</div>
<script type="text/javascript">
document.getElementById('credential-get-challenge').value = (function() {
let id = [];
for (var i = 31; i >= 0; i--) id.push(i);
return JSON.stringify(id);
})();
</script>
</div>
</div>
<!-- Relaying Party -->
<div class="card">
<div class="card-body">
<h5 class="card-title"><i class="far fa-building"></i> Relaying Party Entity</h5>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="A valid domain string that identifies the WebAuthn Relying Party. It should be the webpage domain or a subset of the domain. Ex. on the page login.example.com, it can be login.example.com or example.com. It ignores port. It requires https. If not specified the webpage domain will be used"></i> <span class="badge badge-secondary">OPTIONAL</span></div>
<label for="credential-get-rpid">rp.id</label>
<input type="text" class="form-control" id="credential-get-rpid" value="">
</div>
<script type="text/javascript">
document.getElementById('credential-get-rpid').value = new URL(document.location.href).host;
</script>
</div>
</div>
<!-- Extensions -->
<div class="card">
<div class="card-body">
<div class="notes"><span class="badge badge-secondary">OPTIONAL</span></div>
<h5 class="card-title"><i class="fas fa-puzzle-piece"></i> Extensions</h5>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="This allows RP that have previously registered credentials using the legacy FIDO JavaScript APIs to request an assertion. The FIDO APIs use an alternative identifier for RP called an AppID [FIDO-APPID], and any credentials created using those APIs will be scoped to that identifier."></i></div>
<label for="credential-get-extensions-appid">extensions.appid <small>(FIDO AppID Extension)</small></label>
<input type="text" class="form-control" id="credential-get-extensions-appid" value="">
</div>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="This allows for a simple form of transaction authorization. A RP can specify a prompt string, intended for display on a trusted device on the authenticator."></i></div>
<label for="credential-get-extensions-txAuthSimple">extensions.txAuthSimple <small>(Simple Transaction Authorization Extension)</small></label>
<input type="text" class="form-control" id="credential-get-extensions-txAuthSimple" value="">
</div>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="This allows images to be used as transaction authorization prompts as well."></i> <span class="badge badge-warning">UNDER CONSTRUCTION</span></div>
<label for="credential-get-extensions-txAuthGeneric-content">extensions.txAuthGeneric <small>(Generic Transaction Authorization Extension)</small></label>
<div class="row">
<div class="col-4">
<input type="text" class="form-control" id="credential-get-extensions-txAuthGeneric-contentType" value="image/png">
</div>
<div class="col-8">
<input type="text" class="form-control" id="credential-get-extensions-txAuthGeneric-content" value="">
</div>
</div>
</div>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="This extension enables use of a user verification index."></i></div>
<label for="credential-get-extensions-uvi">extensions.uvi <small>(User Verification Index Extension)</small></label>
<select class="form-control" id="credential-get-extensions-uvi">
<option value="" selected="selected">Don't set</option>
<option value="true">true</option>
</select>
</div>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="This extension provides the authenticator's current location to the RP."></i></div>
<label for="credential-get-extensions-loc">extensions.loc <small>(Location Extension)</small></label>
<select class="form-control" id="credential-get-extensions-loc">
<option value="" selected="selected">Don't set</option>
<option value="true">true</option>
</select>
</div>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="This extension enables use of a user verification method."></i></div>
<label for="credential-get-extensions-uvm">extensions.uvm <small>(User Verification Method Extension)</small></label>
<select class="form-control" id="credential-get-extensions-uvm">
<option value="" selected="selected">Don't set</option>
<option value="true">true</option>
</select>
</div>
</div>
</div>
</div>
<div class="col-12 col-md-6 gui-custom-options">
<!-- Timeout -->
<div class="card">
<div class="card-body">
<h5 class="card-title"><i class="fas fa-stopwatch-20"></i> Timeout</h5>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="Timeout hint. Time, in milliseconds, that the caller is willing to wait."></i> <span class="badge badge-secondary">OPTIONAL</span></div>
<label for="credential-get-timeout">timeout</label>
<input type="text" class="form-control" id="credential-get-timeout" value="120000">
</div>
</div>
</div>
<!-- User Verification -->
<div class="card">
<div class="card-body">
<h5 class="card-title"><i class="far fa-hand-point-down"></i> User Verification</h5>
<div class="form-group">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="Requires user verification (`required`) or Prefer user verification (`preferred`)or Do not want user verification (`discouraged`). [The default value is `preferred`]"></i> <span class="badge badge-secondary">OPTIONAL</span></div>
<label for="credential-get-userVerification">userVerification</label>
<select class="form-control" id="credential-get-userVerification">
<option value="" selected="selected">Don't set</option>
<option value="required">required</option>
<option value="preferred">preferred (default)</option>
<option value="discouraged">discouraged</option>
</select>
</div>
</div>
</div>
<!-- Allow Credentials -->
<div class="card">
<div class="card-body">
<div class="notes"><i class="fas fa-info-circle" data-toggle="tooltip" title="123"></i> <span class="badge badge-secondary">OPTIONAL</span></div>
<h5 class="card-title"><i class="fas fa-key"></i> Allow Credentials</h5>
<div id="credential-get-publickeycredentialdescriptor-wrapper"></div>
<button type="button" class="btn btn-outline-success btn-sm" id="credential-get-publickeycredentialdescriptor-add" style="float: right;">Add Credential</button>
<div style="clear: both;"></div>
</div>
</div>
</div>
</div>
<div class="row">
<!-- Options Section -->
<div class="col-12">
<p><button type="button" class="btn btn-primary" id="credential-get-generate"><i class="fas fa-cogs"></i> Generate Options</button></p>
</div>
<div class="col-12">
<ul class="nav nav-tabs">
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#credential-get-options-notes-wrapper">Notes <span id="credential-get-options-notes-notification" class="badge rounded-pill bg-dark" style="color: white;">0</span></a>
</li>
<li class="nav-item">
<a class="nav-link active" data-toggle="tab" href="#credential-get-options-raw-wrapper">Raw Javascript View</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#credential-get-options-dynamic-wrapper">Dynamic JSON View</a>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane fade" id="credential-get-options-notes-wrapper">
<div class="alert alert-secondary" role="alert">
<div id="credential-get-options-notes">...</div>
</div>
</div>
<div class="tab-pane fade active show" id="credential-get-options-raw-wrapper">
<div class="alert alert-secondary" role="alert">
<pre id="credential-get-options-raw">...</pre>
</div>
</div>
<div class="tab-pane fade" id="credential-get-options-dynamic-wrapper">
<div class="alert alert-secondary" role="alert">
<div id="credential-get-options-dynamic">...</div>
</div>
</div>
</div>
</div>
<!-- Credentials Section -->
<div class="col-12 col-sm-6">
<p><button type="button" class="btn btn-primary" id="credential-get-create"><i class="fas fa-key"></i> Get Credentials</button></p>
</div>
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="virtual-authenticator-checkbox">
<label class="form-check-label" for="virtual-authenticator-checkbox">use Virtual Authenticator</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="virtual-testing-checkbox">
<label class="form-check-label" for="virtual-testing-checkbox">Virtual Authenticator Testing Mode</label>
</div>
</div>
<div class="col-12" id="virtual-testing-options" style="display: none;">
<div class="alert alert-secondary" role="alert" style="color: black;">
<!-- Tests -->
<div class="row">
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="testing-challenge-checkbox">
<label class="form-check-label" for="testing-challenge-checkbox">Swap Challenge</label>
</div>
</div>
<div class="col-12 col-sm-6">
<input type="text" class="form-control form-control-sm" id="testing-challenge-value" value="Dw4NDAsKCQgHBgUEAwIBAA"/>
</div>
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="testing-freezeSigCounter-checkbox">
<label class="form-check-label" for="testing-freezeSigCounter-checkbox">Freeze Signature Counter</label>
</div>
</div>
<div class="col-12 col-sm-6">
<input type="number" class="form-control form-control-sm" id="testing-freezeSigCounter-value" value="1"/>
</div>
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="testing-freezeUserVerificationFlag-checkbox">
<label class="form-check-label" for="testing-freezeUserVerificationFlag-checkbox">Freeze User Verification Flag</label>
</div>
</div>
<div class="col-12 col-sm-6">
<select class="form-control form-control-sm" id="testing-freezeUserVerificationFlag-value">
<option value="true">True</option>
<option value="false" selected="selected">False</option>
</select>
</div>
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="testing-relayPartyID-checkbox">
<label class="form-check-label" for="testing-relayPartyID-checkbox">Swap Relay Party ID</label>
</div>
</div>
<div class="col-12 col-sm-6">
<input type="text" class="form-control form-control-sm" id="testing-relayPartyID-value" value="example.com"/>
</div>
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="testing-origin-checkbox">
<label class="form-check-label" for="testing-origin-checkbox">Swap Origin</label>
</div>
</div>
<div class="col-12 col-sm-6">
<input type="text" class="form-control form-control-sm" id="testing-origin-value" value="https://example.com"/>
</div>
<div class="col-12 col-sm-6">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" id="testing-userHandle-checkbox">
<label class="form-check-label" for="testing-userHandle-checkbox">Swap User Handle</label>
</div>
</div>
<div class="col-12 col-sm-6">
<input type="text" class="form-control form-control-sm" id="testing-userHandle-value" value="ZmFrZS11c2VyQGV4YW1wbGUuY29t"/>
</div>
</div>
</div>
</div>
<div class="col-12">
<ul class="nav nav-tabs">
<li class="nav-item">
<a class="nav-link active" data-toggle="tab" href="#credential-get-response-raw-wrapper">Raw View</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#credential-get-response-decoded-wrapper">Decoded View</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="tab" href="#credential-get-response-ext-wrapper">Extensions</a>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane fade active show" id="credential-get-response-raw-wrapper">
<div class="alert alert-secondary" role="alert">
<pre id="credential-get-response-raw">...</pre>
</div>
</div>
<div class="tab-pane fade" id="credential-get-response-decoded-wrapper">
<div class="alert alert-secondary" role="alert">
<pre id="credential-get-response-decoded">...</pre>
</div>
</div>
<div class="tab-pane fade" id="credential-get-response-ext-wrapper">
<div class="alert alert-secondary" role="alert">
<pre id="credential-get-response-ext">...</pre>
</div>
</div>
</div>
</div>
<!-- Credentials Send Back Section -->
<div class="col-6" style="display: none;">
<p><button type="button" class="btn btn-primary" id="credential-get-send"><i class="fas fa-angle-double-left"></i> <i class="fas fa-key"></i> Send Credentials Response</button></p>
</div>
<div class="col-6">
<p><button type="button" class="btn btn-primary" id="credential-get-load-from-code"><i class="fas fa-code"></i> <i class="fas fa-coffee"></i> Load from code</button></p>
</div>
</div>
</div>
</div>
<div class="container footer">
<div class="row">
<div class="col-12">
<div>Copyright © 2022 - 2023, <a href="https://github.com/GramThanos">Athanasios Vasileios Grammatopoulos</a> - <a href="https://github.com/GramThanos/WebDevAuthn">GitHub</a></div>
<div>In collaboration with <a href="https://ssl.ds.unipi.gr/">Systems Security Laboratory</a>, Department of Digital Systems, <a href="https://www.unipi.gr/">University of Piraeus</a></div>
</div>
<div class="col-12">
<div style="height:300px;"></div>
<div style="text-align: right;font-family: Consolas;"><-- this is the end --></div>
</div>
</div>
</div>
<script src="js/jquery-3.5.1.slim.min.js"></script>
<script src="js/popper.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/jsNotify.bundle.js"></script>
<script src="js/lodash.js"></script>
<script src="js/cbor.js"></script>
<script src="js/jsonTree.js"></script>
<script src="js/credentials-storage.js"></script>
<script type="text/javascript">
// Tooltips
$(function() {$('[data-toggle="tooltip"]').tooltip()});
</script>
<script src="js/falcon.js"></script>
<script src="js/crypto-extend.js"></script>
<script src="js/webauthn-tools.js"></script>
<script src="js/webauthn-authenticator.js"></script>
<script src="js/webauthn-get.js"></script>
</body>
</html>