o shX@sRddlmZddlmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZmZdd lmZmZdd lmZmZmZmZdd lmZdd lmZmZmZmZm Z m!Z!dd l"Z"dd l#Z#e#$e%Z&dddZ'Gdddee(Z)edddGddde)Z*edddGddde)Z+edddGddde)Z,GdddZ-d S) ) annotations)cbor)_DataClassMapping) CtapDevice CtapError)CoseKey)CTAPHID CAPABILITY)AuthenticatorDataAaguid)IntEnumunique) dataclassfieldfieldsField)Event)MappingDictAnyListOptionalCallableNreturnDict[int, Any]cGsddt|dDS)zConstructs a dict from a list of arguments for sending a CBOR command. None elements will be omitted. :param params: Arguments, in order, to add to the command. :return: The input parameters as a dict. cSsi|] \}}|dur||qSN).0ivrrK/var/www/html/env_mimamsha/lib/python3.10/site-packages/fido2/ctap2/base.py 6szargs..) enumerate)paramsrrr!args/sr&c@seZdZedddZdS) _CborDataObjectrrrintcCst||dS)Nr#)rindex)clsrrrr!_get_field_key:sz_CborDataObject._get_field_keyN)rrrr()__name__ __module__ __qualname__ classmethodr+rrrr!r'9sr'FT)eqfrozenc@s$eZdZUdZded<eedZded<ej Z ded<ee dZ ded <d Z d ed <eedZd ed<dZded<dZded<eedZded<dZded<dZded<dZded<dZd ed<dZded<dZded<dZd ed<dZded <dZded!<dZd"ed#<dZded$<dZd%ed&<dS)'InfoarBinary CBOR encoded response data returned by the CTAP2 GET_INFO command. :param _: The binary content of the Info data. :ivar versions: The versions supported by the authenticator. :ivar extensions: The extensions supported by the authenticator. :ivar aaguid: The AAGUID of the authenticator. :ivar options: The options supported by the authenticator. :ivar max_msg_size: The max message size supported by the authenticator. :ivar pin_uv_protocols: The PIN/UV protocol versions supported by the authenticator. :ivar max_creds_in_list: Max number of credentials supported in list at a time. :ivar max_cred_id_length: Max length of Credential ID supported. :ivar transports: List of supported transports. :ivar algorithms: List of supported algorithms for credential creation. :ivar data: The Info members, in the form of a dict. z List[str]versions)default_factory extensionsr aaguidzDict[str, bool]optionsir( max_msg_sizez List[int]pin_uv_protocolsN Optional[int]max_creds_in_listmax_cred_id_length transportszOptional[List[Dict[str, Any]]] algorithmsmax_large_blobFboolforce_pin_changemin_pin_lengthfirmware_versionmax_cred_blob_lengthrmax_rpids_for_min_pinpreferred_platform_uv_attempts uv_modalityzOptional[Dict]certificationsremaining_disc_credszOptional[List[int]] vendor_prototype_config_commands)r,r-r.__doc____annotations__rlistr5r NONEr6dictr7r8r9r;r<r=r>r?rArCrDrErFrGrHrIrJrKrrrr!r2?s.               r2c@sBeZdZUdZded<ded<ded<dZd ed <dZd ed <dS) AttestationResponsearBinary CBOR encoded attestation object. :param _: The binary representation of the attestation object. :type _: bytes :ivar fmt: The type of attestation used. :type fmt: str :ivar auth_data: The attested authenticator data. :type auth_data: AuthenticatorData :ivar att_stmt: The attestation statement. :type att_stmt: Dict[str, Any] strfmtr auth_datazDict[str, Any]att_stmtNOptional[bool]ep_attOptional[bytes]large_blob_key)r,r-r.rLrMrWrYrrrr!rQhs   rQc@sreZdZUdZded<ded<ded<dZd ed <dZd ed <dZd ed<dZded<dddZ e dddZ dS)AssertionResponseaBinary CBOR encoded assertion response. :param _: The binary representation of the assertion response. :ivar credential: The credential used for the assertion. :ivar auth_data: The authenticator data part of the response. :ivar signature: The digital signature of the assertion. :ivar user: The user data of the credential. :ivar number_of_credentials: The total number of responses available (only set for the first response, if > 1). Mapping[str, Any] credentialr rTbytes signatureNzOptional[Dict[str, Any]]userr:number_of_credentialsrV user_selectedrXrY client_param public_keyrcCs||j||jdS)aVerify the digital signature of the response with regard to the client_param, using the given public key. :param client_param: SHA256 hash of the ClientData used for the request. :param public_key: The public key of the credential, to verify. N)verifyrTr^)selfrbrcrrr!rdszAssertionResponse.verify app_paramr'AssertionResponse'cCs&||t||jtjj@|j|jdS)a^Create an AssertionResponse from a CTAP1 SignatureData instance. :param app_param: SHA256 hash of the RP ID used for the CTAP1 request. :param credential: Credential used for the CTAP1 request (from the allowList). :param authentication: The CTAP1 signature data. :return: The assertion response. )r\rTr^)r create user_presenceFLAGUPcounterr^)r*rfr\authenticationrrr! from_ctap1s  zAssertionResponse.from_ctap1)rbr]rcr)rfr]r\r[rrg) r,r-r.rLrMr_r`rarYrdr/rnrrrr!rZ}s        rZc@sNeZdZdZeGdddeZd[d\d d Zed]d dZ d^dddd_ddZ d]ddZ      d`ddddad)d*Z ddddbd,d-Z      d`ddddcdBNrr#z,Non-canonical CBOR from Authenticator. Got: z Expected: zDecoded value of wrong type)structpackrencodercallr rrdecoderrhex isinstancer TypeError) rerrrrrequestresponsestatusencdecodedexpectedrrr! send_cbors0     zCtap2.send_cborcCt|tjjS)zVCTAP2 getInfo command. :return: Information about the authenticator. )r2 from_dictrrorr|rrrr!rzCtap2.get_infopin_uv_protocolsub_cmd key_agreement pin_uv_paramrX new_pin_enc pin_hash_enc permissionsr:permissions_rpid Optional[str]c  Cs,|jtjjt||||||dd|| | | dS)aCTAP2 clientPin command, used for various PIN operations. This method is not intended to be called directly. It is intended to be used by an instance of the PinProtocolV1 class. :param pin_uv_protocol: The PIN/UV protocol version to use. :param sub_cmd: A clientPin sub command. :param key_agreement: The keyAgreement parameter. :param pin_uv_param: The pinAuth parameter. :param new_pin_enc: The newPinEnc parameter. :param pin_hash_enc: The pinHashEnc parameter. :param permissions: The permissions parameter. :param permissions_rpid: The permissions RPID parameter. :param event: Optional threading.Event used to cancel the request. :param on_keepalive: Optional callback function to handle keep-alive messages from the authenticator. :return: The response of the command, decoded. Nr)rrorr}r&) rerrrrrrrrrrrrr! client_pins"  zCtap2.client_pinNonecCs"|jtjj||dtddS)a CTAP2 reset command, erases all credentials and PIN. :param event: Optional threading.Event object used to cancel the request. :param on_keepalive: Optional callback function to handle keep-alive messages from the authenticator. rz!Reset completed - All data erasedN)rrorr~loggerrrerrrrr!reset:s z Ctap2.resetclient_data_hashr]rpr[r_ key_paramsList[Mapping[str, Any]] exclude_list!Optional[List[Mapping[str, Any]]]r5Optional[Mapping[str, Any]]r7enterprise_attestationrQc  Cs<tdt|jtjjt||||||||| | | | dS)aCTAP2 makeCredential operation. :param client_data_hash: SHA256 hash of the ClientData. :param rp: PublicKeyCredentialRpEntity parameters. :param user: PublicKeyCredentialUserEntity parameters. :param key_params: List of acceptable credential types. :param exclude_list: Optional list of PublicKeyCredentialDescriptors. :param extensions: Optional dict of extensions. :param options: Optional dict of options. :param pin_uv_param: Optional PIN/UV auth parameter. :param pin_uv_protocol: The version of PIN/UV protocol used, if any. :param enterprise_attestation: Whether or not to request Enterprise Attestation. :param event: Optional threading.Event used to cancel the request. :param on_keepalive: Optional callback function to handle keep-alive messages from the authenticator. :return: The new credential. zCalling CTAP2 make_credentialr) rdebugrQrrrorrzr&) rerrr_rrr5r7rrrrrrrr!make_credentialIs( ! zCtap2.make_credentialrp_idrR allow_listrZc Cs6tdt|jtjjt||||||||| dS)aCTAP2 getAssertion command. :param rp_id: The RP ID of the credential. :param client_data_hash: SHA256 hash of the ClientData used. :param allow_list: Optional list of PublicKeyCredentialDescriptors. :param extensions: Optional dict of extensions. :param options: Optional dict of options. :param pin_uv_param: Optional PIN/UV auth parameter. :param pin_uv_protocol: The version of PIN/UV protocol used, if any. :param event: Optional threading.Event used to cancel the request. :param on_keepalive: Optional callback function to handle keep-alive messages from the authenticator. :return: The new assertion. zCalling CTAP2 get_assertionr) rrrZrrrorr{r&) rerrrr5r7rrrrrrr! get_assertions"  zCtap2.get_assertioncCr)zaCTAP2 getNextAssertion command. :return: The next available assertion response. )rZrrrorrrrrr!get_next_assertionrzCtap2.get_next_assertionList[AssertionResponse]cs8j|i|}fddtd|jpdD}|g|S)zuConvenience method to get list of assertions. See get_assertion and get_next_assertion for details. csg|]}qSr)r)r_rrr! sz(Ctap2.get_assertions..r#)rranger`)rer&kwargsfirstrestrrr!get_assertionss   zCtap2.get_assertionssub_cmd_paramscCsJd|jjvr tjj}nd|jjvrtjj}ntd||t||||S)agCTAP2 credentialManagement command, used to manage resident credentials. NOTE: This implements the current draft version of the CTAP2 specification and should be considered highly experimental. This method is not intended to be called directly. It is intended to be used by an instance of the CredentialManagement class. :param sub_cmd: A CredentialManagement sub command. :param sub_cmd_params: Sub command specific parameters. :param pin_uv_protocol: PIN/UV auth protocol version used. :param pin_uv_param: PIN/UV Auth parameter. credMgmtcredentialMgmtPreviewz9Credential Management not supported by this Authenticator) rr7rorrrrrr&)rerrrrrrrr!credential_mgmts     zCtap2.credential_mgmtmodality get_modalityrVc CsTd|jjvr tjj} nd|jjvrtjj} ntd|j| t||||||||dS)aCTAP2 bio enrollment command. Used to provision/enumerate/delete bio enrollments in the authenticator. NOTE: This implements the current draft version of the CTAP2 specification and should be considered highly experimental. This method is not intended to be called directly. It is intended to be used by an instance of the BioEnrollment class. :param modality: The user verification modality being used. :param sub_cmd: A BioEnrollment sub command. :param sub_cmd_params: Sub command specific parameters. :param pin_uv_protocol: PIN/UV protocol version used. :param pin_uv_param: PIN/UV auth param. :param get_modality: Get the user verification type modality. bioEnrolluserVerificationMgmtPreviewz)Authenticator does not support Bio Enrollr) rr7rorrrrrr&) rerrrrrrrrrrrr!bio_enrollments$    zCtap2.bio_enrollmentcCs|jtjj||ddS)aqCTAP2 authenticator selection command. This command allows the platform to let a user select a certain authenticator by asking for user presence. :param event: Optional threading.Event used to cancel the request. :param on_keepalive: Optional callback function to handle keep-alive messages from the authenticator. rN)rrorrrrrr! selectionszCtap2.selectionoffsetgetsetlengthc Cs|tjjt||||||S)aRCTAP2 authenticator large blobs command. This command is used to read and write the large blob array. This method is not intended to be called directly. It is intended to be used by an instance of the LargeBlobs class. :param offset: The offset of where to start reading/writing data. :param get: Optional (max) length of data to read. :param set: Optional data to write. :param length: Length of the payload in set. :param pin_uv_protocol: PIN/UV protocol version used. :param pin_uv_param: PIN/UV auth param. )rrorrr&)rerrrrrrrrr! large_blobs"szCtap2.large_blobscCs|tjjt||||S)a CTAP2 authenticator config command. This command is used to configure various authenticator features through the use of its subcommands. This method is not intended to be called directly. It is intended to be used by an instance of the Config class. :param sub_cmd: A Config sub command. :param sub_cmd_params: Sub command specific parameters. :param pin_uv_protocol: PIN/UV auth protocol version used. :param pin_uv_param: PIN/UV Auth parameter. )rrorrr&)rerrrrrrr!config>s z Ctap2.config)T)rrrr@)rr2r) rr(rrrrrrrr)NNNNNN)rr(rr(rrrrXrrXrrXrr:rrrrrrrr)rrrrrr)rr]rr[r_r[rrrrr5rr7rrrXrr:rr:rrrrrrQ)NNNNN)rrRrr]rrr5rr7rrrXrr:rrrrrrZ)rrZ)rr)NNN) rr(rrrr:rrXrr)rr:rr:rrrr:rrXrrVrrrrrr)rr(rr:rrXrr:rrXrr:rr)r,r-r.rLrr rrpropertyrrrrrrrrrrrrrrrrrr!ros    &  5 :  -  $ 3 ro)rr). __future__rrutilsrctaprrcoserhidr r webauthnr r enumr r dataclassesrrrr threadingrtypingrrrrrrrlogging getLoggerr,rr&r(r'r2rQrZrorrrr!s.          ( 4