func signRequest(w http.ResponseWriter, r *http.Request) { if registration == nil { http.Error(w, "registration missing", http.StatusBadRequest) return } c, err := u2f.NewChallenge(appID, trustedFacets) if err != nil { log.Printf("u2f.NewChallenge error: %v", err) http.Error(w, "error", http.StatusInternalServerError) return } challenge = c var reg u2f.Registration if err := reg.UnmarshalBinary(registration); err != nil { log.Printf("reg.UnmarshalBinary error: %v", err) http.Error(w, "error", http.StatusInternalServerError) return } req := c.SignRequest(reg) log.Printf("signRequest: %+v", req) json.NewEncoder(w).Encode(req) }
// NewSignChallenge returns a challenge for the U2F device. // func NewSignChallenge(ctx appengine.Context, userIdentity string) ([]*u2f.SignRequest, error) { // Create challenge c, err := u2f.NewChallenge(AppID, TrustedFacets) if err != nil { return nil, fmt.Errorf("u2f.NewChallenge error: %v", err) } _, regis, err := loadRegistrations(ctx, userIdentity) if err != nil { return nil, fmt.Errorf("loadRegistrations %+v", err) } var reqs = []*u2f.SignRequest{} for _, regi := range regis { signr, err := signChallengeRequest(*c, *regi) if err != nil { return nil, fmt.Errorf("Signing error: %+v", err) } reqs = append(reqs, signr) } // Save challenge to database. ckey := makeKey(ctx, userIdentity, "SignChallenge") if _, err := datastore.Put(ctx, ckey, c); err != nil { return nil, fmt.Errorf("datastore.Put error: %v", err) } // Return challenge log.Printf("🖋 New Sign Challenges: %+v [%+v]", reqs, ckey) return reqs, nil }
func registerRequest(w http.ResponseWriter, r *http.Request) { c, err := u2f.NewChallenge(appID, trustedFacets) if err != nil { log.Printf("u2f.NewChallenge error: %v", err) http.Error(w, "error", http.StatusInternalServerError) return } challenge = c req := c.RegisterRequest() log.Printf("registerRequest: %+v", req) json.NewEncoder(w).Encode(req) }
func (c *RemoteU2FClient) PrepareAuthentication(msg, appID string, marshalledRegs [][]byte) ( *PendingAuth, error) { var trustedFacets = []string{appID} pa := &PendingAuth{} signReqs := []*u2f.SignRequest{} // Generate one signature request for each registration. for _, mreg := range marshalledRegs { reg := &u2f.Registration{} err := reg.UnmarshalBinary(mreg) if err != nil { return nil, fmt.Errorf("u2f.ParseRegistration: %v\n", err) } // Can/should we reuse the challenge for all the registrations? challenge, err := u2f.NewChallenge(appID, trustedFacets) if err != nil { return nil, fmt.Errorf("u2f.NewChallenge error: %v", err) } sr := challenge.SignRequest(*reg) signReqs = append(signReqs, sr) pa.challenges = append(pa.challenges, challenge) pa.regs = append(pa.regs, reg) } j, err := json.Marshal(signReqs) if err != nil { return nil, fmt.Errorf("json marshalling error: %v", err) } ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() key, err := c.c.PrepareOp( ctx, &pb.Prepare{j, msg, pb.Prepare_AUTHENTICATE}) if err != nil { return nil, fmt.Errorf("error preparing: %v", err) } pa.Key = key return pa, nil }
// NewRegistrationChallenge creates a new U2F challenge and stores it in the // datastore. // // Encode the response with e.g. // json.NewEncoder(w).Encode(req) // func NewRegistrationChallenge(ctx appengine.Context, userIdentity string) (*u2f.RegisterRequest, error) { // Generate a challenge c, err := u2f.NewChallenge(AppID, TrustedFacets) if err != nil { return nil, fmt.Errorf("u2f.NewChallenge error: %v", err) } // Save challenge to database. ckey := makeKey(ctx, userIdentity, "Challenge") if _, err := datastore.Put(ctx, ckey, c); err != nil { return nil, fmt.Errorf("datastore.Put error: %v", err) } // Return challenge request req := c.RegisterRequest() log.Printf("🍁 New Registration Challenge for %v: %+v [%+v]", userIdentity, req, ckey) return req, nil }
func signRequest(w http.ResponseWriter, r *http.Request) { if registration == nil { http.Error(w, "registration missing", http.StatusBadRequest) return } c, err := u2f.NewChallenge(appID, trustedFacets) if err != nil { log.Printf("u2f.NewChallenge error: %v", err) http.Error(w, "error", http.StatusInternalServerError) return } challenge = c var req authenticateRequest for _, reg := range registration { sr := c.SignRequest(reg) req.SignRequests = append(req.SignRequests, *sr) } log.Printf("authenitcateRequest: %+v", req) json.NewEncoder(w).Encode(req) }
func (c *RemoteU2FClient) PrepareRegister(msg, appID string) (*PendingRegister, error) { var trustedFacets = []string{appID} challenge, err := u2f.NewChallenge(appID, trustedFacets) if err != nil { return nil, fmt.Errorf("u2f.NewChallenge error: %v", err) } j, err := json.Marshal(challenge.RegisterRequest()) if err != nil { return nil, fmt.Errorf("json marshalling error: %v", err) } ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() key, err := c.c.PrepareOp(ctx, &pb.Prepare{j, msg, pb.Prepare_REGISTER}) if err != nil { return nil, fmt.Errorf("error preparing: %v", err) } return &PendingRegister{key, challenge}, nil }