Adding first tests.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-09-30 12:06:43 +02:00
parent 4e94cbe40e
commit cc8d9e0741
4 changed files with 519 additions and 0 deletions
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -0,0 +1,225 @@
+from http import client
+from fido2.hid import CtapHidDevice
+from fido2.client import Fido2Client, WindowsClient, UserInteraction, ClientError
+from fido2.ctap2.pin import ClientPin
+from fido2.server import Fido2Server
+from fido2.ctap import CtapError
+from fido2.webauthn import (
+    Aaguid,
+    AttestationObject,
+    CollectedClientData,
+    PublicKeyCredentialCreationOptions,
+    PublicKeyCredentialRequestOptions,
+    AuthenticatorSelectionCriteria,
+    UserVerificationRequirement,
+    AuthenticatorAttestationResponse,
+    AuthenticatorAssertionResponse,
+    AttestationConveyancePreference,
+)
+from getpass import getpass
+import sys
+import ctypes
+import pytest
+import os
+import inspect
+
+DEFAULT_PIN='12345678'
+
+class CliInteraction(UserInteraction):
+    def prompt_up(self):
+        print("\nTouch your authenticator device now...\n")
+
+    def request_pin(self, permissions, rd_id):
+        return DEFAULT_PIN
+
+    def request_uv(self, permissions, rd_id):
+        print("User Verification required.")
+        return True
+
+class DeviceSelectCredential:
+    def __init__(self, number):
+        pass
+
+    def __call__(self, status):
+        pass
+
+class Device():
+    def __init__(self, origin="https://example.com", user_interaction=CliInteraction(),uv="discouraged",rp={"id": "example.com", "name": "Example RP"}, attestation="direct"):
+        self.__user = None
+        self.__set_client(origin=origin, user_interaction=user_interaction, uv=uv)
+        self.__set_server(rp=rp, attestation=attestation)
+
+    def __set_client(self, origin, user_interaction, uv):
+        self.__uv = uv
+        self.__dev = None
+        self.__origin = origin
+        self.__user_interaction = user_interaction
+
+        # Locate a device
+        self.__dev = next(CtapHidDevice.list_devices(), None)
+        if self.__dev is not None:
+            print("Use USB HID channel.")
+        else:
+            try:
+                from fido2.pcsc import CtapPcscDevice
+
+                self.__dev = next(CtapPcscDevice.list_devices(), None)
+                print("Use NFC channel.")
+            except Exception as e:
+                print("NFC channel search error:", e)
+
+        if not self.__dev:
+            print("No FIDO device found")
+            sys.exit(1)
+
+        # Set up a FIDO 2 client using the origin https://example.com
+        self.__client = Fido2Client(self.__dev, self.__origin, user_interaction=self.__user_interaction)
+
+        # Prefer UV if supported and configured
+        if self.__client.info.options.get("uv") or self.__client.info.options.get("pinUvAuthToken"):
+            self.__uv = "preferred"
+            print("Authenticator supports User Verification")
+
+    def __set_server(self, rp, attestation):
+        self.__rp = rp
+        self.__attestation = attestation
+        self.__server = Fido2Server(self.__rp, attestation=self.__attestation)
+
+    def client(self):
+        return self.__client
+
+    def user(self, user=None):
+        if (self.__user is None):
+            self.__user = {"id": b"user_id", "name": "A. User"}
+        if (user is not None):
+            self.__user = user
+        return self.__user
+
+    def reset(self):
+        print("Resetting Authenticator...")
+        try:
+            self.__client._backend.ctap2.reset(on_keepalive=DeviceSelectCredential(1))
+        except CtapError:
+            # Some authenticators need a power cycle
+            print("Need to power cycle authentictor to reset..")
+            self.reboot()
+            self.__client._backend.ctap2.reset(on_keepalive=DeviceSelectCredential(1))
+
+    def reboot(self):
+        print("Please reboot authenticator and hit enter")
+        input()
+        self.__setup_client(self.__origin, self.__user_interaction, self.__uv)
+
+    def MC(self, client_data_hash=Ellipsis, rp=Ellipsis, user=Ellipsis, key_params=Ellipsis, exclude_list=None, extensions=None, options=None, pin_uv_param=None, pin_uv_protocol=None, enterprise_attestation=None):
+        att_obj = self.__client._backend.ctap2.make_credential(
+            client_data_hash=client_data_hash if client_data_hash is not Ellipsis else os.urandom(32),
+            rp=rp if rp is not Ellipsis else self.__rp,
+            user=user if user is not Ellipsis else self.user(),
+            key_params=key_params if key_params is not Ellipsis else self.__server.allowed_algorithms,
+            exclude_list=exclude_list,
+            extensions=extensions,
+            options=options,
+            pin_uv_param=pin_uv_param,
+            pin_uv_protocol=pin_uv_protocol,
+            enterprise_attestation=enterprise_attestation
+            )
+        return att_obj
+
+    def doMC(self, client_data=None, rp=None, user=None, key_params=None, exclude_list=None, extensions=None, rk=None, user_verification=None, enterprise_attestation=None, event=None):
+
+        result = self.__client._backend.do_make_credential(
+            client_data=client_data or CollectedClientData.create(
+                    type=CollectedClientData.TYPE.CREATE, origin=self.__origin, challenge=os.urandom(32)
+                ),
+            rp=rp or self.__rp,
+            user=user or self.user(),
+            key_params=key_params or self.__server.allowed_algorithms,
+            exclude_list=exclude_list,
+            extensions=extensions,
+            rk=rk,
+            user_verification=user_verification,
+            enterprise_attestation=enterprise_attestation,
+            event=event
+        )
+        return result
+
+    def try_make_credential(self, options=None):
+        if (options is None):
+            options, _ = self.__server.register_begin(
+            self.user(), user_verification=self.__uv, authenticator_attachment="cross-platform"
+        )
+        try:
+            result = self.__client.make_credential(options["publicKey"])
+        except ClientError as e:
+            if (e.code == ClientError.ERR.CONFIGURATION_UNSUPPORTED):
+                client_pin = ClientPin(self.__client._backend.ctap2)
+                client_pin.set_pin(DEFAULT_PIN)
+                result = self.__client.make_credential(options["publicKey"])
+        return result
+
+    def register(self, uv=None):
+        # Prepare parameters for makeCredential
+        create_options, state = self.__server.register_begin(
+            self.user(), user_verification=self.__uv, authenticator_attachment="cross-platform"
+        )
+        # Create a credential
+        result = self.try_make_credential(create_options)
+
+        # Complete registration
+        auth_data = self.__server.register_complete(
+            state, result.client_data, result.attestation_object
+        )
+        credentials = [auth_data.credential_data]
+
+        print("New credential created!")
+
+        print("CLIENT DATA:", result.client_data)
+        print("ATTESTATION OBJECT:", result.attestation_object)
+        print()
+        print("CREDENTIAL DATA:", auth_data.credential_data)
+
+        return (result, auth_data)
+
+    def authenticate(self, credentials):
+        # Prepare parameters for getAssertion
+        request_options, state = self.__server.authenticate_begin(credentials, user_verification=self.__uv)
+
+        # Authenticate the credential
+        result = self.__client.get_assertion(request_options["publicKey"])
+
+        # Only one cred in allowCredentials, only one response.
+        result = result.get_response(0)
+
+        # Complete authenticator
+        self.__server.authenticate_complete(
+            state,
+            credentials,
+            result.credential_id,
+            result.client_data,
+            result.authenticator_data,
+            result.signature,
+        )
+
+        print("Credential authenticated!")
+
+        print("CLIENT DATA:", result.client_data)
+        print()
+        print("AUTH DATA:", result.authenticator_data)
+
+@pytest.fixture(scope="session")
+def device():
+    dev = Device()
+    return dev
+
+@pytest.fixture(scope="session")
+def info(device):
+    return device.client()._backend.info
+
+@pytest.fixture(scope="session")
+def MCRes(device, *args):
+    return device.doMC(*args).attestation_object
+
+@pytest.fixture(scope="session")
+def resetdevice(device):
+    device.reset()
+    return device