func signRequest(w http.ResponseWriter, r *http.Request) {
if registration == nil {
http.Error(w, "registration missing", http.StatusBadRequest)
return
}
c, err := u2f.NewChallenge(appID, trustedFacets)
if err != nil {
log.Printf("u2f.NewChallenge error: %v", err)
http.Error(w, "error", http.StatusInternalServerError)
return
}
challenge = c
var reg u2f.Registration
if err := reg.UnmarshalBinary(registration); err != nil {
log.Printf("reg.UnmarshalBinary error: %v", err)
http.Error(w, "error", http.StatusInternalServerError)
return
}
req := c.SignRequest(reg)
log.Printf("signRequest: %+v", req)
json.NewEncoder(w).Encode(req)
}
// NewSignChallenge returns a challenge for the U2F device.
//
func NewSignChallenge(ctx appengine.Context, userIdentity string) ([]*u2f.SignRequest, error) {
// Create challenge
c, err := u2f.NewChallenge(AppID, TrustedFacets)
if err != nil {
return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
}
_, regis, err := loadRegistrations(ctx, userIdentity)
if err != nil {
return nil, fmt.Errorf("loadRegistrations %+v", err)
}
var reqs = []*u2f.SignRequest{}
for _, regi := range regis {
signr, err := signChallengeRequest(*c, *regi)
if err != nil {
return nil, fmt.Errorf("Signing error: %+v", err)
}
reqs = append(reqs, signr)
}
// Save challenge to database.
ckey := makeKey(ctx, userIdentity, "SignChallenge")
if _, err := datastore.Put(ctx, ckey, c); err != nil {
return nil, fmt.Errorf("datastore.Put error: %v", err)
}
// Return challenge
log.Printf("🖋 New Sign Challenges: %+v [%+v]", reqs, ckey)
return reqs, nil
}
func registerRequest(w http.ResponseWriter, r *http.Request) {
c, err := u2f.NewChallenge(appID, trustedFacets)
if err != nil {
log.Printf("u2f.NewChallenge error: %v", err)
http.Error(w, "error", http.StatusInternalServerError)
return
}
challenge = c
req := c.RegisterRequest()
log.Printf("registerRequest: %+v", req)
json.NewEncoder(w).Encode(req)
}
func (c *RemoteU2FClient) PrepareAuthentication(msg, appID string, marshalledRegs [][]byte) (
*PendingAuth, error) {
var trustedFacets = []string{appID}
pa := &PendingAuth{}
signReqs := []*u2f.SignRequest{}
// Generate one signature request for each registration.
for _, mreg := range marshalledRegs {
reg := &u2f.Registration{}
err := reg.UnmarshalBinary(mreg)
if err != nil {
return nil, fmt.Errorf("u2f.ParseRegistration: %v\n", err)
}
// Can/should we reuse the challenge for all the registrations?
challenge, err := u2f.NewChallenge(appID, trustedFacets)
if err != nil {
return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
}
sr := challenge.SignRequest(*reg)
signReqs = append(signReqs, sr)
pa.challenges = append(pa.challenges, challenge)
pa.regs = append(pa.regs, reg)
}
j, err := json.Marshal(signReqs)
if err != nil {
return nil, fmt.Errorf("json marshalling error: %v", err)
}
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
key, err := c.c.PrepareOp(
ctx, &pb.Prepare{j, msg, pb.Prepare_AUTHENTICATE})
if err != nil {
return nil, fmt.Errorf("error preparing: %v", err)
}
pa.Key = key
return pa, nil
}
// NewRegistrationChallenge creates a new U2F challenge and stores it in the
// datastore.
//
// Encode the response with e.g.
// json.NewEncoder(w).Encode(req)
//
func NewRegistrationChallenge(ctx appengine.Context, userIdentity string) (*u2f.RegisterRequest, error) {
// Generate a challenge
c, err := u2f.NewChallenge(AppID, TrustedFacets)
if err != nil {
return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
}
// Save challenge to database.
ckey := makeKey(ctx, userIdentity, "Challenge")
if _, err := datastore.Put(ctx, ckey, c); err != nil {
return nil, fmt.Errorf("datastore.Put error: %v", err)
}
// Return challenge request
req := c.RegisterRequest()
log.Printf("🍁 New Registration Challenge for %v: %+v [%+v]",
userIdentity, req, ckey)
return req, nil
}
func signRequest(w http.ResponseWriter, r *http.Request) {
if registration == nil {
http.Error(w, "registration missing", http.StatusBadRequest)
return
}
c, err := u2f.NewChallenge(appID, trustedFacets)
if err != nil {
log.Printf("u2f.NewChallenge error: %v", err)
http.Error(w, "error", http.StatusInternalServerError)
return
}
challenge = c
var req authenticateRequest
for _, reg := range registration {
sr := c.SignRequest(reg)
req.SignRequests = append(req.SignRequests, *sr)
}
log.Printf("authenitcateRequest: %+v", req)
json.NewEncoder(w).Encode(req)
}
func (c *RemoteU2FClient) PrepareRegister(msg, appID string) (*PendingRegister, error) {
var trustedFacets = []string{appID}
challenge, err := u2f.NewChallenge(appID, trustedFacets)
if err != nil {
return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
}
j, err := json.Marshal(challenge.RegisterRequest())
if err != nil {
return nil, fmt.Errorf("json marshalling error: %v", err)
}
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
key, err := c.c.PrepareOp(ctx, &pb.Prepare{j, msg, pb.Prepare_REGISTER})
if err != nil {
return nil, fmt.Errorf("error preparing: %v", err)
}
return &PendingRegister{key, challenge}, nil
}
