├── .gitignore ├── LICENSE ├── README.md ├── app ├── .gitignore ├── build.gradle ├── keystore.jks ├── proguard-rules.pro └── src │ └── main │ ├── AndroidManifest.xml │ ├── ic_launcher-web.png │ ├── java │ └── com │ │ └── entersekt │ │ └── fido2 │ │ └── MainActivity.kt │ └── res │ ├── drawable │ └── ic_launcher_foreground.xml │ ├── layout │ └── activity_main.xml │ ├── mipmap-anydpi-v26 │ ├── ic_launcher.xml │ └── ic_launcher_round.xml │ ├── mipmap-hdpi │ ├── ic_launcher.png │ └── ic_launcher_round.png │ ├── mipmap-mdpi │ ├── ic_launcher.png │ └── ic_launcher_round.png │ ├── mipmap-xhdpi │ ├── ic_launcher.png │ └── ic_launcher_round.png │ ├── mipmap-xxhdpi │ ├── ic_launcher.png │ └── ic_launcher_round.png │ ├── mipmap-xxxhdpi │ ├── ic_launcher.png │ └── ic_launcher_round.png │ └── values │ ├── colors.xml │ ├── ic_launcher_background.xml │ ├── strings.xml │ └── styles.xml ├── build.gradle ├── gradle.properties ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── scripts └── get_cert_fingerprint.sh ├── settings.gradle └── web ├── .gitignore ├── firebase.json └── public └── .well-known └── assetlinks.json /.gitignore: -------------------------------------------------------------------------------- 1 | *.iml 2 | .gradle 3 | /local.properties 4 | /.idea 5 | .DS_Store 6 | /build 7 | /captures 8 | .externalNativeBuild 9 | 10 | .settings 11 | .project 12 | .classpath -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Android Fido2 Api Demo 2 | 3 | > Google has released [offical docs][8] and a [sample project][9] 4 | 5 | > Google released a [codelab][10] 6 | 7 | This project uses `com.google.android.gms:play-services-fido`'s [Fido2ApiClient][1] to register a credential and also 8 | sign a challenge. 9 | 10 | It demonstrates the Fido2 Api with hardcoded values and is `NOT` a full example that gets requests from a server 11 | 12 | It also does not validate any of the responses, as that would be done server side 13 | 14 | Just run the app and tap the `Register Fido2` button. It will display the results on the app and in the logs. 15 | 16 | Then you can tap the `Sign Fido2` button, and the Fido2 api will be used to sign a challenge with the key that was just 17 | generated 18 | 19 | As long as you do not change the Relying Party ID (in [PublicKeyCredentialRpEntity][2]), the signing key or the package 20 | name, the app should just work 21 | 22 | ## Relying Party ID 23 | 24 | According to the Web Authentication [spec][3] the relying party id is: 25 | 26 | > A valid domain string that identifies the WebAuthn Relying Party on whose behalf a given registration or 27 | > authentication ceremony is being performed. A public key credential can only be used for authentication with the same 28 | > entity (as identified by RP ID) it was registered with. 29 | 30 | According to [MakeCredentialOptions.Builder][7], Very hard to find, kind of hidden under `Public Methods` and then `setRp`: 31 | 32 | > Note: the RpId should be an effective domain (aka, without scheme or port); and it should also be in secure context 33 | > (aka https connection). Apps-facing API needs to check the package signature against Digital Asset Links, whose resource 34 | > is the RP ID with prepended "//". Privileged (browser) API doesn't need the check. 35 | 36 | So for Android apps you need to host an `assetlinks.json` file on `https:///.well-known/assetlinks.json` to allow 37 | it to use the Fido2 apis for that domain. 38 | 39 | For this sample app I have set the RP ID to `strategics-fido2.firebaseapp.com` and I am hosting this `assetlinks.json`: 40 | 41 | ```json 42 | [ 43 | { 44 | "relation": ["delegate_permission/common.handle_all_urls","delegate_permission/common.get_login_creds"], 45 | "target": { 46 | "namespace": "android_app", 47 | "package_name": "com.entersekt.fido2", 48 | "sha256_cert_fingerprints": [ 49 | "C5:8B:E3:9B:36:B3:67:12:D7:0C:DA:C5:9D:65:2A:FC:43:9B:AE:1B:76:C9:7D:A1:7E:69:2B:7A:15:AB:27:96" 50 | ] 51 | } 52 | } 53 | ] 54 | ``` 55 | 56 | on where: 57 | 58 | `package_name` matches the `applicationId` in my `build.gradle` and the `sha256_cert_fingerprints` matches the 59 | fingerprint of my signing key. This can be found by running the [get_cert_fingerprint.sh script included in this project][4] 60 | 61 | ## Hosting assetlinks.json 62 | 63 | If you want to host your own assetlinks.json for a test, there is a firebase hosting project included in the [web][5] folder 64 | 65 | You need to have a firebase project set up that you can deploy this site to first. When that is done, go to the `web` folder and run: 66 | 67 | ```console 68 | firebase deploy --only hosting 69 | ``` 70 | 71 | You should now have the local [assetlinks.json][6] hosted on `https://.firebaseapp.com/.well-known/assetlinks.json` 72 | and just need to set your RP ID to `.firebaseapp.com` 73 | 74 | [1]: https://developers.google.com/android/reference/com/google/android/gms/fido/fido2/Fido2ApiClient 75 | [2]: https://developers.google.com/android/reference/com/google/android/gms/fido/fido2/api/common/PublicKeyCredentialRpEntity 76 | [3]: https://www.w3.org/TR/webauthn/#relying-party-identifier 77 | [4]: ./scripts/get_cert_fingerprint.sh 78 | [5]: ./web 79 | [6]: ./web/public/.well-known/assetlinks.json 80 | [7]: https://developers.google.com/android/reference/com/google/android/gms/fido/fido2/api/common/MakeCredentialOptions.Builder 81 | [8]: https://developers.google.com/identity/fido/android/native-apps 82 | [9]: https://github.com/googlesamples/android-fido 83 | [10]: https://codelabs.developers.google.com/codelabs/fido2-for-android/#0 84 | -------------------------------------------------------------------------------- /app/.gitignore: -------------------------------------------------------------------------------- 1 | /build 2 | -------------------------------------------------------------------------------- /app/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.application' 2 | apply plugin: 'kotlin-android' 3 | apply plugin: 'kotlin-android-extensions' 4 | 5 | android { 6 | compileSdkVersion 28 7 | defaultConfig { 8 | applicationId "com.entersekt.fido2" 9 | minSdkVersion 21 10 | targetSdkVersion 28 11 | versionCode 1 12 | versionName "1.0" 13 | } 14 | signingConfigs { 15 | release { 16 | storeFile file("keystore.jks") 17 | storePassword "fido2password" 18 | keyAlias "fido2" 19 | keyPassword "fido2password" 20 | } 21 | } 22 | buildTypes { 23 | release { 24 | shrinkResources true 25 | minifyEnabled true 26 | proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' 27 | signingConfig signingConfigs.release 28 | } 29 | debug { 30 | signingConfig signingConfigs.release 31 | } 32 | } 33 | compileOptions { 34 | encoding "UTF-8" 35 | sourceCompatibility JavaVersion.VERSION_1_8 36 | targetCompatibility JavaVersion.VERSION_1_8 37 | } 38 | } 39 | 40 | dependencies { 41 | implementation"org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version" 42 | 43 | implementation 'androidx.appcompat:appcompat:1.0.2' 44 | implementation 'androidx.core:core-ktx:1.0.1' 45 | implementation 'androidx.constraintlayout:constraintlayout:1.1.3' 46 | 47 | implementation 'com.google.android.gms:play-services-fido:17.0.0' 48 | } 49 | -------------------------------------------------------------------------------- /app/keystore.jks: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jedrivisser/fido2-android-api-demo/01f7aa0cd5ef5bf2ced3101f1762becba98016d4/app/keystore.jks -------------------------------------------------------------------------------- /app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 21 | #-renamesourcefileattribute SourceFile 22 | -------------------------------------------------------------------------------- /app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app/src/main/ic_launcher-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jedrivisser/fido2-android-api-demo/01f7aa0cd5ef5bf2ced3101f1762becba98016d4/app/src/main/ic_launcher-web.png -------------------------------------------------------------------------------- /app/src/main/java/com/entersekt/fido2/MainActivity.kt: -------------------------------------------------------------------------------- 1 | package com.entersekt.fido2 2 | 3 | import android.content.Intent 4 | import android.content.IntentSender 5 | import android.os.Bundle 6 | import android.preference.PreferenceManager 7 | import android.util.Base64 8 | import android.util.Log 9 | import androidx.appcompat.app.AppCompatActivity 10 | import androidx.core.content.edit 11 | import com.google.android.gms.fido.Fido 12 | import com.google.android.gms.fido.fido2.api.common.* 13 | import kotlinx.android.synthetic.main.activity_main.* 14 | import java.security.SecureRandom 15 | 16 | 17 | class MainActivity : AppCompatActivity() { 18 | companion object { 19 | private const val LOG_TAG = "Fido2Demo" 20 | private const val REQUEST_CODE_REGISTER = 1 21 | private const val REQUEST_CODE_SIGN = 2 22 | private const val KEY_HANDLE_PREF = "key_handle" 23 | } 24 | 25 | override fun onCreate(savedInstanceState: Bundle?) { 26 | super.onCreate(savedInstanceState) 27 | setContentView(R.layout.activity_main) 28 | 29 | registerFido2Button.setOnClickListener { registerFido2() } 30 | signFido2Button.setOnClickListener { signFido2() } 31 | signFido2Button.isEnabled = loadKeyHandle() != null 32 | } 33 | 34 | override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) { 35 | super.onActivityResult(requestCode, resultCode, data) 36 | Log.d(LOG_TAG, "onActivityResult - requestCode: $requestCode, resultCode: $resultCode") 37 | 38 | when (resultCode) { 39 | RESULT_OK -> { 40 | data?.let { 41 | if (it.hasExtra(Fido.FIDO2_KEY_ERROR_EXTRA)) { 42 | handleErrorResponse(data.getByteArrayExtra(Fido.FIDO2_KEY_ERROR_EXTRA)) 43 | } else if (it.hasExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA)) { 44 | val fido2Response = data.getByteArrayExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA) 45 | when (requestCode) { 46 | REQUEST_CODE_REGISTER -> handleRegisterResponse(fido2Response) 47 | REQUEST_CODE_SIGN -> handleSignResponse(fido2Response) 48 | } 49 | } 50 | } 51 | } 52 | RESULT_CANCELED -> { 53 | val result = "Operation is cancelled" 54 | resultText.text = result 55 | Log.d(LOG_TAG, result) 56 | } 57 | else -> { 58 | val result = "Operation failed, with resultCode: $resultCode" 59 | resultText.text = result 60 | Log.e(LOG_TAG, result) 61 | } 62 | } 63 | } 64 | 65 | private fun registerFido2() { 66 | // All the option parameters should come from the Relying Party / server 67 | val options = PublicKeyCredentialCreationOptions.Builder() 68 | .setRp(PublicKeyCredentialRpEntity("strategics-fido2.firebaseapp.com", "Fido2Demo", null)) 69 | .setUser( 70 | PublicKeyCredentialUserEntity( 71 | "demo@example.com".toByteArray(), 72 | "demo@example.com", 73 | null, 74 | "Demo User" 75 | ) 76 | ) 77 | .setChallenge(challenge()) 78 | .setParameters( 79 | listOf( 80 | PublicKeyCredentialParameters( 81 | PublicKeyCredentialType.PUBLIC_KEY.toString(), 82 | EC2Algorithm.ES256.algoValue 83 | ) 84 | ) 85 | ) 86 | .build() 87 | 88 | val fido2ApiClient = Fido.getFido2ApiClient(applicationContext) 89 | val fido2PendingIntentTask = fido2ApiClient.getRegisterIntent(options) 90 | fido2PendingIntentTask.addOnSuccessListener { fido2PendingIntent -> 91 | if (fido2PendingIntent.hasPendingIntent()) { 92 | try { 93 | Log.d(LOG_TAG, "launching Fido2 Pending Intent") 94 | fido2PendingIntent.launchPendingIntent(this@MainActivity, REQUEST_CODE_REGISTER) 95 | } catch (e: IntentSender.SendIntentException) { 96 | e.printStackTrace() 97 | } 98 | } 99 | } 100 | } 101 | 102 | private fun signFido2() { 103 | // All the option parameters should come from the Relying Party / server 104 | val options = PublicKeyCredentialRequestOptions.Builder() 105 | .setRpId("strategics-fido2.firebaseapp.com") 106 | .setAllowList( 107 | listOf( 108 | PublicKeyCredentialDescriptor( 109 | PublicKeyCredentialType.PUBLIC_KEY.toString(), 110 | loadKeyHandle(), 111 | null 112 | ) 113 | ) 114 | ) 115 | .setChallenge(challenge()) 116 | .build() 117 | 118 | val fido2ApiClient = Fido.getFido2ApiClient(applicationContext) 119 | val fido2PendingIntentTask = fido2ApiClient.getSignIntent(options) 120 | fido2PendingIntentTask.addOnSuccessListener { fido2PendingIntent -> 121 | if (fido2PendingIntent.hasPendingIntent()) { 122 | try { 123 | Log.d(LOG_TAG, "launching Fido2 Pending Intent") 124 | fido2PendingIntent.launchPendingIntent(this@MainActivity, REQUEST_CODE_SIGN) 125 | } catch (e: IntentSender.SendIntentException) { 126 | e.printStackTrace() 127 | } 128 | } 129 | } 130 | } 131 | 132 | private fun handleErrorResponse(errorBytes: ByteArray) { 133 | val authenticatorErrorResponse = AuthenticatorErrorResponse.deserializeFromBytes(errorBytes) 134 | val errorName = authenticatorErrorResponse.errorCode.name 135 | val errorMessage = authenticatorErrorResponse.errorMessage 136 | 137 | Log.e(LOG_TAG, "errorCode.name: $errorName") 138 | Log.e(LOG_TAG, "errorMessage: $errorMessage") 139 | 140 | val registerFidoResult = "An Error Ocurred\n\nError Name:\n$errorName\n\nError Message:\n$errorMessage" 141 | resultText.text = registerFidoResult 142 | } 143 | 144 | /** 145 | * The response should be sent to the Relying Party / server to validate and store 146 | */ 147 | private fun handleRegisterResponse(fido2Response: ByteArray) { 148 | val response = AuthenticatorAttestationResponse.deserializeFromBytes(fido2Response) 149 | val keyHandleBase64 = Base64.encodeToString(response.keyHandle, Base64.DEFAULT) 150 | val clientDataJson = String(response.clientDataJSON, Charsets.UTF_8) 151 | val attestationObjectBase64 = Base64.encodeToString(response.attestationObject, Base64.DEFAULT) 152 | 153 | storeKeyHandle(response.keyHandle) 154 | signFido2Button.isEnabled = true 155 | 156 | Log.d(LOG_TAG, "keyHandleBase64: $keyHandleBase64") 157 | Log.d(LOG_TAG, "clientDataJSON: $clientDataJson") 158 | Log.d(LOG_TAG, "attestationObjectBase64: $attestationObjectBase64") 159 | 160 | val registerFido2Result = "Authenticator Attestation Response\n\n" + 161 | "keyHandleBase64:\n" + 162 | "$keyHandleBase64\n\n" + 163 | "clientDataJSON:\n" + 164 | "$clientDataJson\n\n" + 165 | "attestationObjectBase64:\n" + 166 | "$attestationObjectBase64\n" 167 | 168 | resultText.text = registerFido2Result 169 | } 170 | 171 | /** 172 | * The response should be sent to the Relying Party / server to validate 173 | */ 174 | private fun handleSignResponse(fido2Response: ByteArray) { 175 | val response = AuthenticatorAssertionResponse.deserializeFromBytes(fido2Response) 176 | val keyHandleBase64 = Base64.encodeToString(response.keyHandle, Base64.DEFAULT) 177 | val clientDataJson = String(response.clientDataJSON, Charsets.UTF_8) 178 | val authenticatorDataBase64 = Base64.encodeToString(response.authenticatorData, Base64.DEFAULT) 179 | val signatureBase64 = Base64.encodeToString(response.signature, Base64.DEFAULT) 180 | 181 | Log.d(LOG_TAG, "keyHandleBase64: $keyHandleBase64") 182 | Log.d(LOG_TAG, "clientDataJSON: $clientDataJson") 183 | Log.d(LOG_TAG, "authenticatorDataBase64: $authenticatorDataBase64") 184 | Log.d(LOG_TAG, "signatureBase64: $signatureBase64") 185 | 186 | val signFido2Result = "Authenticator Assertion Response\n\n" + 187 | "keyHandleBase64:\n" + 188 | "$keyHandleBase64\n\n" + 189 | "clientDataJSON:\n" + 190 | "$clientDataJson\n\n" + 191 | "authenticatorDataBase64:\n" + 192 | "$authenticatorDataBase64\n\n" + 193 | "signatureBase64:\n" + 194 | "$signatureBase64\n" 195 | 196 | resultText.text = signFido2Result 197 | } 198 | 199 | /** 200 | * https://www.w3.org/TR/webauthn/#cryptographic-challenges 201 | */ 202 | private fun challenge(): ByteArray { 203 | val secureRandom = SecureRandom() 204 | val challenge = ByteArray(16) 205 | secureRandom.nextBytes(challenge) 206 | return challenge 207 | } 208 | 209 | private fun storeKeyHandle(keyHandle: ByteArray) { 210 | PreferenceManager.getDefaultSharedPreferences(this).edit { 211 | putString(KEY_HANDLE_PREF, Base64.encodeToString(keyHandle, Base64.DEFAULT)) 212 | } 213 | } 214 | 215 | private fun loadKeyHandle(): ByteArray? { 216 | val keyHandleBase64 = PreferenceManager.getDefaultSharedPreferences(this).getString(KEY_HANDLE_PREF, null) 217 | ?: return null 218 | return Base64.decode(keyHandleBase64, Base64.DEFAULT) 219 | } 220 | } 221 | -------------------------------------------------------------------------------- /app/src/main/res/drawable/ic_launcher_foreground.xml: -------------------------------------------------------------------------------- 1 | 6 | 8 | 11 | 14 | 17 | 20 | 23 | 26 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /app/src/main/res/layout/activity_main.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 |