def test_make_credential_existing_key(self, PatchedCTAP2):
    """Check that an excluded credential is reported as an ineligible device.

    The patched CTAP2 object raises CtapError(CREDENTIAL_EXCLUDED) from
    make_credential; the client is expected to surface that to the caller
    as ClientError with code DEVICE_INELIGIBLE.
    """
    # Authenticator double: reports the no-PIN info blob and rejects the
    # registration because the credential is already present.
    fake_ctap2 = mock.MagicMock()
    fake_ctap2.get_info.return_value = Info(_INFO_NO_PIN)
    fake_ctap2.make_credential.side_effect = CtapError(
        CtapError.ERR.CREDENTIAL_EXCLUDED
    )
    PatchedCTAP2.return_value = fake_ctap2

    # Device double advertising CBOR capability.
    device = mock.Mock()
    device.capabilities = CAPABILITY.CBOR

    client = Fido2Client(device, APP_ID)
    try:
        client.make_credential(
            PublicKeyCredentialCreationOptions(
                rp,
                user,
                challenge,
                [{"type": "public-key", "alg": -7}],
                authenticator_selection={"userVerification": "discouraged"},
            )
        )
    except ClientError as e:
        self.assertEqual(e.code, ClientError.ERR.DEVICE_INELIGIBLE)
    else:
        # Reaching this point means the CTAP error was swallowed.
        self.fail("make_credential did not raise error")
try:
ka_status = STATUS(ka_status)
except ValueError:
pass # Unknown status value
last_ka = ka_status
on_keepalive(ka_status)
# NFCCTAP_GETRESPONSE
resp, sw1, sw2 = self._chain_apdus(0x80, 0x11, 0x00, 0x00, b"")
if (sw1, sw2) != SW_SUCCESS:
raise CtapError(CtapError.ERR.OTHER) # TODO: Map from SW error
return resp
raise CtapError(CtapError.ERR.KEEPALIVE_CANCEL)
if status == cmd:
return bytes(resp)
elif status == CTAPHID.ERROR:
raise CtapError(resp[0])
elif status == CTAPHID.KEEPALIVE:
ka_status = resp[0]
if on_keepalive and last_ka != ka_status:
try:
ka_status = STATUS(ka_status)
except ValueError:
pass # Unknown status value
last_ka = ka_status
on_keepalive(ka_status)
continue
else:
raise CtapError(CtapError.ERR.INVALID_COMMAND)
# Cancel the request.
self._dev.InternalSend(TYPE_INIT | CTAPHID.CANCEL, bytearray())
self._dev.InternalRecv()
raise CtapError(CtapError.ERR.KEEPALIVE_CANCEL)
def enumerate_creds(self, *args, **kwargs):
    """Return every resident credential for an RP as a list.

    Wraps enumerate_creds_begin and enumerate_creds_next; see those methods
    for the accepted arguments and the shape of each entry. An empty list is
    returned when the begin call fails with NO_CREDENTIALS; any other
    CtapError propagates unchanged.
    """
    try:
        head = self.enumerate_creds_begin(*args, **kwargs)
    except CtapError as e:
        if e.code == CtapError.ERR.NO_CREDENTIALS:
            return []
        raise  # Other error

    # The number of follow-up calls is taken from the first response;
    # a missing TOTAL_CREDENTIALS field is treated as a single credential.
    total = head.get(CredentialManagement.RESULT.TOTAL_CREDENTIALS, 1)
    creds = [head]
    for _ in range(1, total):
        creds.append(self.enumerate_creds_next())
    return creds
"""
Display status of FIDO2 application.
"""
controller = ctx.obj['controller']
if controller.is_fips:
click.echo('FIPS Approved Mode: {}'.format(
'Yes' if controller.is_in_fips_mode else 'No'))
else:
if controller.has_pin:
try:
click.echo(
'PIN is set, with {} tries left.'.format(
controller.get_pin_retries()))
except CtapError as e:
if e.code == CtapError.ERR.PIN_BLOCKED:
click.echo('PIN is blocked.')
else:
click.echo('PIN is not set.')
try:
ka_status = STATUS(ka_status)
except ValueError:
pass # Unknown status value
last_ka = ka_status
on_keepalive(ka_status)
# NFCCTAP_GETRESPONSE
resp, sw1, sw2 = self._chain_apdus(0x80, 0x11, 0x00, 0x00)
if (sw1, sw2) != SW_SUCCESS:
raise CtapError(CtapError.ERR.OTHER) # TODO: Map from SW error
return resp
raise CtapError(CtapError.ERR.KEEPALIVE_CANCEL)
def is_in_fips_mode(self):
    """Report whether the device answers VERIFY_FIPS_MODE with success.

    Sends the FIPS verify command as a CTAPHID.MSG request and returns True
    only when the reply equals the status word 0x9000. A CtapError with code
    INVALID_COMMAND is treated as "not in FIPS mode" and yields False; every
    other CtapError is re-raised.
    """
    request = [0, FIPS_U2F_CMD.VERIFY_FIPS_MODE, 0, 0]
    try:
        status_word = self._dev.call(CTAPHID.MSG, request)
        return status_word == b'\x90\x00'
    except CtapError as e:
        if e.code != CtapError.ERR.INVALID_COMMAND:
            raise e
        # The device rejected the command: report non-FIPS rather than
        # failing the caller.
        return False
def _ctap1_get_assertion(
self, client_data, rp_id, allow_list, extensions, uv, pin, event, on_keepalive
):
if uv or not allow_list:
raise CtapError(CtapError.ERR.UNSUPPORTED_OPTION)
app_param = sha256(rp_id.encode())
client_param = client_data.hash
for cred in allow_list:
try:
auth_resp = _call_polling(
self.ctap1_poll_delay,
event,
on_keepalive,
self.ctap1.authenticate,
client_param,
app_param,
cred["id"],
)
return [AssertionResponse.from_ctap1(app_param, cred, auth_resp)]
except ClientError as e:
def call(self, cmd, data=b"", event=None, on_keepalive=None):
    """Route a CTAPHID command to the matching transport helper.

    CTAPHID.MSG is forwarded to _call_apdu with the payload only;
    CTAPHID.CBOR is forwarded to _call_cbor together with the cancel event
    and keep-alive callback. Any other command raises
    CtapError(INVALID_COMMAND).
    """
    if cmd == CTAPHID.MSG:
        return self._call_apdu(data)
    if cmd == CTAPHID.CBOR:
        return self._call_cbor(data, event, on_keepalive)
    # Only the two commands above are handled here; reject everything else.
    raise CtapError(CtapError.ERR.INVALID_COMMAND)