FIDO Android client certification

1. Official test site

https://conformance.fidoalliance.org/v2_tool/

Registration and login are required.


2. Manual testing in the browser

After logging in, the page shows "Manual Tests" and "Start Server Test". "Manual Tests" is the manual test; before the formal certification you must pass this web-based manual test first. The TestID entered for the test can be anything.

There are two test modes: Single and Bulk. Single is the easy one: you paste the input "Request" and the output "Response" of one test item. Bulk requires listing the Request and Response of every individual test item in one file (Authenticate has to be done three times, otherwise it reports an error); add the prepared message file with the "Choose file" button, select the test category, and run the test. An example of such a file follows (the serverData, challenge, keyID and assertion values are base64url strings; the assertion uses the UAFV1TLV scheme):

RegReq: [{"header":{"upv":{"major":1,"minor":0},"op":"Reg","appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","serverData":"cFQwUEE3cWlfRXFjWVJYNGpGclhLZlp1RnpLQVQyM3VRdlF0TENaT2Mydy5NVFV3TmpjMU1qRXlNVFEwTWcuZEdSeS5Ta1JLYUVwRVJYZEtSbEUwVWtoR2RGUnJPVkJoUXpsVFpXdGtNMVl6Vlhka1YzUldVVEpW"},"challenge":"JDJhJDEwJFQ4RHFtTk9PaC9Sekd3V3UwdWtVQ2U","username":"tdr","policy":{"accepted":[[{"aaid":["0055#0001"]}],[{"aaid":["0014#1001"]}]]}}]
RegResp: [{"assertions":[{"assertion":"AT4kAQM-2AALLgkAMDA4QSMwMDAyDi4HAAAAAQEAAAEKLiAAOYRSVfMCNYLYI9dIMJEW90yi7TJix9JE1HLwDKkrLH8JLkcAWldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcEdjRmhVTWtWNFRqQlNXRlZIUlhwaGJsSnpZbGRLU2xaWVpFMU5SVGcNLggAAAAAAAAAAAAMLkEABP6F2lGgicROWhC0YP6CRIDDPVRm4-hD52CQhw6HviuqvZ1oNitTxIa3TtV1Z6s76OfQ3Uc6mkR0egenXFpGxEcIPkQABi5AAGk1skwluqi5Pb7oYGUXdZLrSfwZb-FV6iL7kjSaIg2qmNM2fZlS04E3131-rRdQeqkqwafnH2jwOUXs2EWd1lM","assertionScheme":"UAFV1TLV"}],"fcParams":"eyJhcHBJRCI6Imh0dHBzOi8vZmlkby50ZW5keXJvbi5jb206ODI4My90ZHJmaWRvdWFmL2ZhY2V0cyIsImNoYWxsZW5nZSI6IkpESmhKREV3SkZRNFJIRnRUazlQYUM5U2VrZDNWM1V3ZFd0VlEyVSIsImZhY2V0SUQiOiJhbmRyb2lkOmFway1rZXktaGFzaDoydGMzblVyZ0djRTJUN2JqclBZWVNiTHltdjQifQ","header":{"appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","op":"Reg","serverData":"cFQwUEE3cWlfRXFjWVJYNGpGclhLZlp1RnpLQVQyM3VRdlF0TENaT2Mydy5NVFV3TmpjMU1qRXlNVFEwTWcuZEdSeS5Ta1JLYUVwRVJYZEtSbEUwVWtoR2RGUnJPVkJoUXpsVFpXdGtNMVl6Vlhka1YzUldVVEpW","upv":{"major":1,"minor":0}}}]

AuthReq: [{"header":{"upv":{"major":1,"minor":0},"op":"Auth","appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","serverData":"SDZXR3hLN1V1WkFCU3plcVE1RGVza2xGa011QzRVRF9SX09USWZPY1R4TS5NVFV3TmpjMU1qSTBPVE13TWcuU2tSS2FFcEVSWGRLUlU1VVducGtSVTR3YzNwaFJHUjFUVzVrVkZGWGNEVmtWbWhRV1c1Vg"},"challenge":"JDJhJDEwJENTZzdEN0szaDduMndTQWp5dVhPYnU","policy":{"accepted":[[{"aaid":["0055#0001"]}],[{"aaid":["0014#1001"]}]]}}]
AuthResp: [{"assertions":[{"assertion":"Aj4dAQQ-1QALLgkAMDA4QSMwMDAyDi4FAAAAAQEADy5AADQ4ZmViMmIzYjllOWE2OTE4NTllYTk0MTljOWI4ZWNmMzIyY2E4NjAwYmI4N2RmMTc0MDg0M2JmNzc0ODI5YTQKLiAAnMQ7OkqtooIwE9CTDkoxphFm-TRZiUMMJK_KYRdaLesQLgAACS5HAFpXSmhlUzEwWlhOMExXdGxlUzFLUkVwb1NrUkZkMHBHY0ZoVU1rVjRUakJTV0ZWSFJYcGhibEp6WWxkS1NsWllaRTFOUlRnDS4EAAAAAAAGLkAAr79MFjO9SDq-TvQVmFjUVb6I45SMc1Nu5nE8NJuuVW_ngf6zk7Ue8eDSDrIRmi2W2qVD770NYaz1enSqiNkmEg","assertionScheme":"UAFV1TLV"}],"fcParams":"eyJhcHBJRCI6Imh0dHBzOi8vZmlkby50ZW5keXJvbi5jb206ODI4My90ZHJmaWRvdWFmL2ZhY2V0cyIsImNoYWxsZW5nZSI6IkpESmhKREV3SkVOVFp6ZEVOMHN6YURkdU1uZFRRV3A1ZFZoUFluVSIsImZhY2V0SUQiOiJhbmRyb2lkOmFway1rZXktaGFzaDoydGMzblVyZ0djRTJUN2JqclBZWVNiTHltdjQifQ","header":{"appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","op":"Auth","serverData":"SDZXR3hLN1V1WkFCU3plcVE1RGVza2xGa011QzRVRF9SX09USWZPY1R4TS5NVFV3TmpjMU1qSTBPVE13TWcuU2tSS2FFcEVSWGRLUlU1VVducGtSVTR3YzNwaFJHUjFUVzVrVkZGWGNEVmtWbWhRV1c1Vg","upv":{"major":1,"minor":0}}}]

AuthReq: [{"header":{"upv":{"major":1,"minor":0},"op":"Auth","appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","serverData":"Z05PYjc4c2ZldTNiS0M4SDYxblpaaTlaelJ4MHRvdldXRW9ZbVFyeDZCZy5NVFV3TmpjMU1qTXhNekF5TWcuU2tSS2FFcEVSWGRLUlVWNFRWWmFOR1F6Y0VKTlJ6VTJZVEExTWxORlRubGtWemxNVGxoVg"},"challenge":"JDJhJDEwJEExMVZ4d3pBMG56a052SENydW9LNXU","policy":{"accepted":[[{"aaid":["0055#0001"]}],[{"aaid":["0014#1001"]}]]}}]
AuthResp: [{"assertions":[{"assertion":"Aj4dAQQ-1QALLgkAMDA4QSMwMDAyDi4FAAAAAQEADy5AADFlNGUyNDIzZWUyYzk4MmI0ODEyODNkMGIyODY3NzM0ZjMxODUyMjk1YTBjNmZmNjFkMjMxOWM1NzRkYzlkZTUKLiAAHV1jvz84Uk_YJl-Kie8Hop3DQsKaMyVWtpfhia9wXTEQLgAACS5HAFpXSmhlUzEwWlhOMExXdGxlUzFLUkVwb1NrUkZkMHBHY0ZoVU1rVjRUakJTV0ZWSFJYcGhibEp6WWxkS1NsWllaRTFOUlRnDS4EAAAAAAAGLkAA1NpThxQM1gY9qARx_rmoIV14gjr7p9HNUshO5AuXvNPwiuKwG_3A-evshxlRe8ucdmLqtHIQF0WKQqPT-WgyZg","assertionScheme":"UAFV1TLV"}],"fcParams":"eyJhcHBJRCI6Imh0dHBzOi8vZmlkby50ZW5keXJvbi5jb206ODI4My90ZHJmaWRvdWFmL2ZhY2V0cyIsImNoYWxsZW5nZSI6IkpESmhKREV3SkVFeE1WWjRkM3BCTUc1NmEwNTJTRU55ZFc5TE5YVSIsImZhY2V0SUQiOiJhbmRyb2lkOmFway1rZXktaGFzaDoydGMzblVyZ0djRTJUN2JqclBZWVNiTHltdjQifQ","header":{"appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","op":"Auth","serverData":"Z05PYjc4c2ZldTNiS0M4SDYxblpaaTlaelJ4MHRvdldXRW9ZbVFyeDZCZy5NVFV3TmpjMU1qTXhNekF5TWcuU2tSS2FFcEVSWGRLUlVWNFRWWmFOR1F6Y0VKTlJ6VTJZVEExTWxORlRubGtWemxNVGxoVg","upv":{"major":1,"minor":0}}}]

AuthReq: [{"header":{"upv":{"major":1,"minor":0},"op":"Auth","appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","serverData":"akhydGU4Tml1RmJfQW1vckUzbXhCRk9RdUdGOUJsNmpzdlBwWXlZNl84by5NVFV3TmpjMU1qTTNNRFkzT0EuU2tSS2FFcEVSWGRLUmtwSFducEJORmt5TkRWTWFUbHNWa1JDZVZkSE9XNWxSRUpDVFZVNA"},"challenge":"JDJhJDEwJFJGZzA4Y245Li9lVDByWG9neDBBMU8","transaction":[{"contentType":"text/plain","content":"MTAw"}],"policy":{"accepted":[[{"aaid":["0055#0001"]}],[{"aaid":["0033#0001"]}],[{"aaid":["0033#0101"]}],[{"aaid":["0050#0001"]}],[{"aaid":["0014#1001"]}]]}}]
AuthResp: [{"assertions":[{"assertion":"Aj4dAQQ-1QALLgkAMDA4QSMwMDAyDi4FAAAAAQEADy5AAGQwZDdlMjMyYWMxZGJhOWYyYzcyYjViMjQ1ZWM1ZTA0YTM5OGUwYWM5Y2NkYzI2MWJiOWEwOWFjMzFjMWE4YWMKLiAAMlrIV5yeU16WC6OZZVawZ-niDhavVOhePz6g2UjOducQLgAACS5HAFpXSmhlUzEwWlhOMExXdGxlUzFLUkVwb1NrUkZkMHBHY0ZoVU1rVjRUakJTV0ZWSFJYcGhibEp6WWxkS1NsWllaRTFOUlRnDS4EAAAAAAAGLkAAxqZC10-koshLLW2nQiTopSO6UPZ0ni5uWvTX6VvhmoTCmoYfFhXA8Cl9XCcL3QnCE64g9vFBA_qXKy5b-3nSvA","assertionScheme":"UAFV1TLV"}],"fcParams":"eyJhcHBJRCI6Imh0dHBzOi8vZmlkby50ZW5keXJvbi5jb206ODI4My90ZHJmaWRvdWFmL2ZhY2V0cyIsImNoYWxsZW5nZSI6IkpESmhKREV3SkZKR1p6QTRZMjQ1TGk5bFZEQnlXRzluZURCQk1VOCIsImZhY2V0SUQiOiJhbmRyb2lkOmFway1rZXktaGFzaDoydGMzblVyZ0djRTJUN2JqclBZWVNiTHltdjQifQ","header":{"appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets","op":"Auth","serverData":"akhydGU4Tml1RmJfQW1vckUzbXhCRk9RdUdGOUJsNmpzdlBwWXlZNl84by5NVFV3TmpjMU1qTTNNRFkzT0EuU2tSS2FFcEVSWGRLUmtwSFducEJORmt5TkRWTWFUbHNWa1JDZVZkSE9XNWxSRUpDVFZVNA","upv":{"major":1,"minor":0}}}]

DeregReq:  [{"header":{"upv":{"major":1,"minor":0},"op":"Dereg","appID":"https://fido.tendyron.com:8283/tdrfidouaf/facets"},"authenticators":[{"aaid":"008A#0002","keyID":"WldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcEdjRmhVTWtWNFRqQlNXRlZIUlhwaGJsSnpZbGRLU2xaWVpFMU5SVGc"},{"aaid":"008A#0002","keyID":"WldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcElWbkJWYlRGTldWVnNXRlpXU1RCWFYyUjRUV3RHVlUwd2JFNVRNbFU"},{"aaid":"008A#0002","keyID":"WldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcEdSWFZXTTFVd1lXMUZkVlV5VWtSVGJGcDZUVE5PTWsxWWNFcGlNRGc"},{"aaid":"008A#0002","keyID":"WldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcElVbTFVVlRGdlkyMW9iV1J0T0RGTWEzUTFWRmhTVTA1WFRuSlZhVFE"}]}]

The UAF Conformance Test items include: (listed in an image in the original post, not reproduced here)

This round of certification did not require a result for these web tests, possibly because the new app test items already cover them, but they remain an important way to see valid standard messages and to check your own.


3. The app manual test tool

The certification ultimately did not use the old test app offered on the web page; the November 2017 certification was the first to use the new test tool, which kept exhibiting all kinds of bugs during debugging and cost a lot of time. The software version used for the certification was v0.8.31; it still has many unknown bugs, and FIDO's software engineers keep releasing new versions.

Official test tool download: https://conformance-test.fidoalliance.org

Username:conformance

Password: accioBuilds


4. Overview of app manual testing

To use the official test app you first need an AAID issued by FIDO. An AAID has to be applied for from the FIDO Alliance for a fee and has the form 008A#0001: the part before # is the vendor code (those four characters are essentially what the fee buys), and the part after # is normally used to distinguish different authenticators from the same vendor. The iOS authenticator ended up using 008A#0001 and the Android one 008A#0002. Besides the AAID, a metadata statement in JSON is needed, like the following:

{
  "aaid": "1234#1234",
  "authenticatorVersion": 1,
  "authenticationAlgorithm": 1,
  "publicKeyAlgAndEncoding": 256,
  "assertionScheme": "UAFV1TLV",
  "attachmentHint": 1,
  "attestationTypes": [15880],
  "attestationRootCertificates": [],
  "description": "(omitted)",
  "icon": "(omitted)",
  "isSecondFactorOnly": false,
  "upv": [{"major": 1, "minor": 0}],
  "tcDisplay": 1,
  "tcDisplayContentType": "text/plain",
  "title": "(omitted)",
  "keyProtection": 1,
  "matcherProtection": 4,
  "userVerificationDetails": [[{"userVerification": 1}]]
}

Some non-essential metadata fields are omitted here; the complete list of metadata keys and their meanings is given in the official document fido-metadata-statement-v1.1-id-20170202.pdf. The numeric values are codes from the FIDO Registry of Predefined Values: authenticationAlgorithm 1 is ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW, publicKeyAlgAndEncoding 256 is ALG_KEY_ECC_X962_RAW, and attestationTypes 15880 (0x3E08) is TAG_ATTESTATION_BASIC_SURROGATE, i.e. attestation self-signed with the freshly generated key and an empty attestationRootCertificates list. That is why the sample registration response above carries a signature but no attestation certificate, and it also means the server gets no cryptographic proof of the authenticator model beyond the AAID the client claims.
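The following is an added example, not code from the original post or from FIDO's test tool: a small decoder for the UAFV1TLV assertions in the section 2 messages, plus the consistency checks a UAF server makes between a registration assertion and the metadata statement above. The sample strings are copied verbatim from this page. The METADATA dict is an assumption built from the section 4 template with the AAID the text says the Android authenticator used (008A#0002 instead of the 1234#1234 placeholder) and carries only the fields the checker reads.

```python
import base64
import json
import struct

# UAF 1.0 TLV tags (FIDO Registry of Predefined Values); bit 12 marks a composite tag.
TAGS = {
    0x3E01: "UAFV1_REG_ASSERTION", 0x3E02: "UAFV1_AUTH_ASSERTION",
    0x3E03: "UAFV1_KRD", 0x3E04: "UAFV1_SIGNED_DATA", 0x2E05: "ATTESTATION_CERT",
    0x2E06: "SIGNATURE", 0x3E07: "ATTESTATION_BASIC_FULL",
    0x3E08: "ATTESTATION_BASIC_SURROGATE", 0x2E09: "KEYID",
    0x2E0A: "FINAL_CHALLENGE_HASH", 0x2E0B: "AAID", 0x2E0C: "PUB_KEY",
    0x2E0D: "COUNTERS", 0x2E0E: "ASSERTION_INFO", 0x2E0F: "AUTHENTICATOR_NONCE",
    0x2E10: "TRANSACTION_CONTENT_HASH",
}

# Sample messages copied verbatim from section 2 of this page.
REG_ASSERTION = "AT4kAQM-2AALLgkAMDA4QSMwMDAyDi4HAAAAAQEAAAEKLiAAOYRSVfMCNYLYI9dIMJEW90yi7TJix9JE1HLwDKkrLH8JLkcAWldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcEdjRmhVTWtWNFRqQlNXRlZIUlhwaGJsSnpZbGRLU2xaWVpFMU5SVGcNLggAAAAAAAAAAAAMLkEABP6F2lGgicROWhC0YP6CRIDDPVRm4-hD52CQhw6HviuqvZ1oNitTxIa3TtV1Z6s76OfQ3Uc6mkR0egenXFpGxEcIPkQABi5AAGk1skwluqi5Pb7oYGUXdZLrSfwZb-FV6iL7kjSaIg2qmNM2fZlS04E3131-rRdQeqkqwafnH2jwOUXs2EWd1lM"
REG_FC_PARAMS = "eyJhcHBJRCI6Imh0dHBzOi8vZmlkby50ZW5keXJvbi5jb206ODI4My90ZHJmaWRvdWFmL2ZhY2V0cyIsImNoYWxsZW5nZSI6IkpESmhKREV3SkZRNFJIRnRUazlQYUM5U2VrZDNWM1V3ZFd0VlEyVSIsImZhY2V0SUQiOiJhbmRyb2lkOmFway1rZXktaGFzaDoydGMzblVyZ0djRTJUN2JqclBZWVNiTHltdjQifQ"
AUTH_ASSERTION = "Aj4dAQQ-1QALLgkAMDA4QSMwMDAyDi4FAAAAAQEADy5AADQ4ZmViMmIzYjllOWE2OTE4NTllYTk0MTljOWI4ZWNmMzIyY2E4NjAwYmI4N2RmMTc0MDg0M2JmNzc0ODI5YTQKLiAAnMQ7OkqtooIwE9CTDkoxphFm-TRZiUMMJK_KYRdaLesQLgAACS5HAFpXSmhlUzEwWlhOMExXdGxlUzFLUkVwb1NrUkZkMHBHY0ZoVU1rVjRUakJTV0ZWSFJYcGhibEp6WWxkS1NsWllaRTFOUlRnDS4EAAAAAAAGLkAAr79MFjO9SDq-TvQVmFjUVb6I45SMc1Nu5nE8NJuuVW_ngf6zk7Ue8eDSDrIRmi2W2qVD770NYaz1enSqiNkmEg"  # first AuthResp
TX_AUTH_ASSERTION = "Aj4dAQQ-1QALLgkAMDA4QSMwMDAyDi4FAAAAAQEADy5AAGQwZDdlMjMyYWMxZGJhOWYyYzcyYjViMjQ1ZWM1ZTA0YTM5OGUwYWM5Y2NkYzI2MWJiOWEwOWFjMzFjMWE4YWMKLiAAMlrIV5yeU16WC6OZZVawZ-niDhavVOhePz6g2UjOducQLgAACS5HAFpXSmhlUzEwWlhOMExXdGxlUzFLUkVwb1NrUkZkMHBHY0ZoVU1rVjRUakJTV0ZWSFJYcGhibEp6WWxkS1NsWllaRTFOUlRnDS4EAAAAAAAGLkAAxqZC10-koshLLW2nQiTopSO6UPZ0ni5uWvTX6VvhmoTCmoYfFhXA8Cl9XCcL3QnCE64g9vFBA_qXKy5b-3nSvA"  # AuthResp to the request that carried a transaction
DEREG_KEY_ID = "WldKaGVTMTBaWE4wTFd0bGVTMUtSRXBvU2tSRmQwcEdjRmhVTWtWNFRqQlNXRlZIUlhwaGJsSnpZbGRLU2xaWVpFMU5SVGc"  # first keyID in DeregReq

# Assumed metadata for the Android authenticator: the section 4 template with the
# AAID the text says was used, reduced to the fields checked below.
METADATA = {"aaid": "008A#0002", "authenticationAlgorithm": 1,
            "publicKeyAlgAndEncoding": 256, "attestationTypes": [15880]}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def key_id_b64url(key_id):
    # UAF transports keyIDs as unpadded base64url, e.g. in DeregReq
    return base64.urlsafe_b64encode(key_id).rstrip(b"=").decode("ascii")

def parse_tlv(buf):
    """Parse UAFV1TLV into (tag, name, value) triples; composite tags recurse."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 4:
            raise ValueError("truncated TLV header")
        tag, length = struct.unpack_from("<HH", buf, i)  # both little-endian
        i += 4
        if i + length > len(buf):
            raise ValueError("TLV length runs past end of buffer")
        value = buf[i:i + length]
        i += length
        out.append((tag, TAGS.get(tag, "UNKNOWN"),
                    parse_tlv(value) if tag & 0x1000 else value))
    return out

def find(tlvs, name):
    # depth-first lookup of the first TLV with this name; None if absent
    for _, n, v in tlvs:
        if n == name:
            return v
        if isinstance(v, list):
            hit = find(v, name)
            if hit is not None:
                return hit
    return None

def decode_assertion(assertion_b64):
    """Extract the fields a UAF server checks from a Reg or Auth assertion."""
    tlvs = parse_tlv(b64url_decode(assertion_b64))
    top_tag, top_name, children = tlvs[0]
    info = find(tlvs, "ASSERTION_INFO")
    # ASSERTION_INFO: authenticatorVersion(2) mode(1) sigAlg(2) [pubKeyAlg(2), Reg only]
    out = {
        "type": top_name,
        "aaid": find(tlvs, "AAID").decode("ascii"),
        "authenticator_version": struct.unpack_from("<H", info, 0)[0],
        "authentication_mode": info[2],  # 0x01 authentication, 0x02 transaction confirmation
        "signature_alg": struct.unpack_from("<H", info, 3)[0],
        "key_id": find(tlvs, "KEYID"),
        "fc_hash": find(tlvs, "FINAL_CHALLENGE_HASH"),
        "signature": find(tlvs, "SIGNATURE"),
    }
    if top_tag == 0x3E01:
        out["public_key_alg"] = struct.unpack_from("<H", info, 5)[0]
        out["public_key"] = find(tlvs, "PUB_KEY")
        out["attestation_type"] = next(t for t, n, _ in children if n.startswith("ATTESTATION_"))
    else:
        out["nonce"] = find(tlvs, "AUTHENTICATOR_NONCE")
        out["transaction_hash"] = find(tlvs, "TRANSACTION_CONTENT_HASH")
    return out

def decode_fc_params(fc_params_b64):
    """fcParams is base64url(FinalChallengeParams JSON): appID, challenge, facetID."""
    return json.loads(b64url_decode(fc_params_b64))

def check_reg_against_metadata(reg, meta):
    """Metadata fields the registration assertion contradicts (empty list = consistent)."""
    expected = {"aaid": reg["aaid"], "authenticationAlgorithm": reg["signature_alg"],
                "publicKeyAlgAndEncoding": reg["public_key_alg"]}
    problems = [k for k, v in expected.items() if meta[k] != v]
    if reg["attestation_type"] not in meta["attestationTypes"]:
        problems.append("attestationTypes")
    return problems

if __name__ == "__main__":
    reg, auth, tx = (decode_assertion(s) for s in (REG_ASSERTION, AUTH_ASSERTION, TX_AUTH_ASSERTION))
    print(reg["type"], reg["aaid"], "attestation tag 0x%04X" % reg["attestation_type"])
    print("fcParams:", decode_fc_params(REG_FC_PARAMS))
    print("keyID continuity:", key_id_b64url(reg["key_id"]) == DEREG_KEY_ID, auth["key_id"] == reg["key_id"])
    print("transaction response mode/hash:", tx["authentication_mode"], tx["transaction_hash"])
    print("metadata mismatches:", check_reg_against_metadata(reg, METADATA))
```

Running it shows that the Reg and Auth assertions carry the same 71-byte keyID, that this keyID is the first one listed in DeregReq, that fcParams decodes to the request's appID and challenge plus an android:apk-key-hash facetID, and that the registration uses surrogate attestation (tag 0x3E08), exactly what the metadata's attestationTypes [15880] declares. For the response to the request that carried a transaction, the decoder reports authenticationMode 0x01 and an empty TAG_TRANSACTION_CONTENT_HASH, so that assertion does not bind the transaction text; the UAF spec reserves mode 0x02 with the content hash for transaction confirmation, which is worth checking with a decoder like this before submitting a Bulk file.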

The test tool's screen (shown as an image in the original post, not reproduced here) requires some mandatory data to be entered before a test can start.

What is inconvenient about this version of the tool is that test items cannot be run individually, only by category (for example, selecting Registration test runs every Registration item at once), which makes locating errors a real pain. On the other hand, this version implements essentially all of the test items given in the official documents; FIDO UAF TestSpecification.pdf describes the details of every test item.

When all test items are complete and pass, a button to submit the test results appears; click it, fill in the company information and submit, and FIDO will confirm the results. Once the results are confirmed valid, the manual test part is done. Next comes interoperability testing, which can likewise be done with the official test software.

First, give the AAID, metadata and FacetID of the authenticator under test to the vendor of the server under test so they can enter them into their FIDO server and trust your authenticator. Enter the username, the address of the server under test and the AAID of the authenticator under test to start; the screen is shown in the original post as an image (not reproduced here). At the time we passed certification the last two test items still had bugs and could not be run, and the FIDO staff did not mention this during the formal certification either.

For the formal certification, the FIDO staff add all vendors certifying in that round to one video conference and then watch over the camera as you use the official app to connect to each server being certified in that round, testing them one by one. If everything passes, congratulations, the certification is done; honestly it is fairly lax. Because of the time difference, the certification test started at 1 a.m.; the client side was easy and finished quickly, but the server side was miserable, staying up two nights from 1 a.m. to 9 a.m.


Reposted from blog.csdn.net/huluobobb/article/details/78592180