StrongKey / fido2

Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido

Using simulator: Success Register - Failure Authenticating #97

Closed cyberphone closed 3 years ago

cyberphone commented 3 years ago

I installed the most recent server, which also contains the skfsclient. I managed to register a key, but it fails on authentication. Steps to reproduce the behavior:

demo@fidopayme:/usr/local/strongkey/skfsclient$ java -jar skfsclient.jar R https://fidopayme.com:8181 1 REST HMAC 162a5684336fa6e7 7edd81de1baab6ebcc76ebe3e38f41f4 anders https://fidopayme.com:8181

Copyright (c) 2001-2021 StrongAuth, Inc. All rights reserved.

REST Registration test with HMAC


preregjson = {"svcinfo":{"did":1,"protocol":"FIDO2_0","authtype":"HMAC"},"payload":{"username":"anders","displayname":"anders","options":{"attestation":"direct"},"extensions":"{}"}}

Calling preregister @ https://fidopayme.com:8181/skfs/rest/preregister Response : {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"anders","id":"9beq_6C2uLtsEYZQqo-Kx6uzp0haSP46xJvbyQsZqy8","displayName":"anders"},"challenge":"FqCUTIPL9j9mT8xJSzlxHQ","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-43},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39}],"excludeCredentials":[],"attestation":"direct"}}

Pre-Registration Complete.

Generating Registration response...

BASIC


o2hhdXRoRGF0YVkBNFp0wa1dnSNp2LaVgMzq81RzJMHxAuOncRw-FNUT_SijRQAAAAAAAAAAAAAAAAAAAAAAAAAAALA5nRUxichn40SBRurQeyppm2GBPt4OpXtJ52RyhLFf5AC09AN7AyZ8vB8-QIFAc-Jiz7DjliSSK4qIWXmJRBMSqQ37uSr-mlXe_RpUDDgANrNdJ1wHwcYjzWhe1iVB42yCNaOwLKzLzoZb6NOqZI3QvautkFC9shee3OVVpIlN0j3NprcSW7MCKIfLmX4KbV7I3HcSORg9QUOus_ptNMInVf7Ra7l0VH73REohjVhL66UBAgMmIAEhWCCQ5W1pk-tTQ3hnHkQOcrkLB8B3bsbvegGq5nshiWiPFCJYIAwkGme_XC8aox-b4kH6ZpnhxO5fCeq3ayIje-gDXXJYY2ZtdGZwYWNrZWRnYXR0U3RtdKNjYWxnJmNzaWdYSDBGAiEA7i41-6FtJ8C6idAB9PloEjW80721SGErhxw54cvYqpkCIQCkz8FVRZjoweV1KrsmShTFxPxyA0Ym__h9CqfSjYHmC2N4NWOBWQHkMIIB4DCCAYOgAwIBAgIEbCtY8jAMBggqhkjOPQQDAgUAMGQxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5TdHJvbmdBdXRoIEluYzEiMCAGA1UECxMZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEYMBYGA1UEAwwPQXR0ZXN0YXRpb25fS2V5MB4XDTE5MDcxODE3MTEyN1oXDTI5MDcxNTE3MTEyN1owZDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlN0cm9uZ0F1dGggSW5jMSIwIAYDVQQLExlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMRgwFgYDVQQDDA9BdHRlc3RhdGlvbl9LZXkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQx9IY-uvfEvZ9HaJX3yaYmOqSIYQxS3Oi3Ed7iw4zXGR5C4RaKyOQeIu1hK2QCgoq210KjwNFU3TpsqAMZLZmFoyEwHzAdBgNVHQ4EFgQUNELQ4HBDjTWzj9E0Z719E4EeLxgwDAYIKoZIzj0EAwIFAANJADBGAiEA7RbR2NCtyMQwiyGGOADy8rDHjNFPlZG8Ip9kr9iAKisCIQCi3cNAFjTL03-sk7C1lij7JQ6mO7rhfdDMfDXSjegwuQ

o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgIE6moeGFDyi2fJQt0RY7xcNqicRg_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-Vkbwin2Sv2IAqKwIhAKLdw0AWNMvTf6yTsLWWKPslDqY7uuF90Mx8NdKN6DC5aGF1dGhEYXRhWQE0WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKNFAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDmdFTGJyGfjRIFG6tB7KmmbYYE-3g6le0nnZHKEsV_kALT0A3sDJny8Hz5AgUBz4mLPsOOWJJIriohZeYlEExKpDfu5Kv6aVd79GlQMOAA2s10nXAfBxiPNaF7WJUHjbII1o7AsrMvOhlvo06pkjdC9q62QUL2yF57c5VWkiU3SPc2mtxJbswIoh8uZfgptXsjcdxI5GD1BQ66z-m00widV_tFruXRUfvdESiGNWEvrpQECAyYgASFYIJDlbWmT61NDeGceRA5yuQsHwHduxu96AarmeyGJaI8UIlggDCQaZ79cLxqjH5viQfpmmeHE7l8J6rdrIiN76ANdclg


Simulator Response : id = OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s rawId = OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s response = attestationObject = o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgIE6moeGFDyi2fJQt0RY7xcNqicRg_O7Cc0e1mfMM8mYCIBPwwe7FLV0lLg8RCNCPZe0Jq64qlEFAFjyyhairsZmTY3g1Y4FZAeQwggHgMIIBg6ADAgECAgRsK1jyMAwGCCqGSM49BAMCBQAwZDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlN0cm9uZ0F1dGggSW5jMSIwIAYDVQQLExlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMRgwFgYDVQQDDA9BdHRlc3RhdGlvbl9LZXkwHhcNMTkwNzE4MTcxMTI3WhcNMjkwNzE1MTcxMTI3WjBkMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOU3Ryb25nQXV0aCBJbmMxIjAgBgNVBAsTGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xGDAWBgNVBAMMD0F0dGVzdGF0aW9uX0tleTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDH0hj6698S9n0dolffJpiY6pIhhDFLc6LcR3uLDjNcZHkLhForI5B4i7WErZAKCirbXQqPA0VTdOmyoAxktmYWjITAfMB0GA1UdDgQWBBQ0QtDgcEONNbOP0TRnvX0TgR4vGDAMBggqhkjOPQQDAgUAA0kAMEYCIQDtFtHY0K3IxDCLIYY4APLysMeM0U-Vkbwin2Sv2IAqKwIhAKLdw0AWNMvTf6yTsLWWKPslDqY7uuF90Mx8NdKN6DC5aGF1dGhEYXRhWQE0WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKNFAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDmdFTGJyGfjRIFG6tB7KmmbYYE-3g6le0nnZHKEsV_kALT0A3sDJny8Hz5AgUBz4mLPsOOWJJIriohZeYlEExKpDfu5Kv6aVd79GlQMOAA2s10nXAfBxiPNaF7WJUHjbII1o7AsrMvOhlvo06pkjdC9q62QUL2yF57c5VWkiU3SPc2mtxJbswIoh8uZfgptXsjcdxI5GD1BQ66z-m00widV_tFruXRUfvdESiGNWEvrpQECAyYgASFYIJDlbWmT61NDeGceRA5yuQsHwHduxu96AarmeyGJaI8UIlggDCQaZ79cLxqjH5viQfpmmeHE7l8J6rdrIiN76ANdclg clientDataJSON = eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRnFDVVRJUEw5ajltVDh4SlN6bHhIUSIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3BheW1lLmNvbTo4MTgxIn0 type = public-key

Finished Generating Registration Response.

Registering ... regjson = {"svcinfo":{"did":1,"protocol":"FIDO2_0","authtype":"HMAC"},"payload":{"publicKeyCredential":{"id":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","rawId":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","response":{"attestationObject":"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgIE6moeGFDyi2fJQt0RY7xcNqicRg_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-Vkbwin2Sv2IAqKwIhAKLdw0AWNMvTf6yTsLWWKPslDqY7uuF90Mx8NdKN6DC5aGF1dGhEYXRhWQE0WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKNFAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDmdFTGJyGfjRIFG6tB7KmmbYYE-3g6le0nnZHKEsV_kALT0A3sDJny8Hz5AgUBz4mLPsOOWJJIriohZeYlEExKpDfu5Kv6aVd79GlQMOAA2s10nXAfBxiPNaF7WJUHjbII1o7AsrMvOhlvo06pkjdC9q62QUL2yF57c5VWkiU3SPc2mtxJbswIoh8uZfgptXsjcdxI5GD1BQ66z-m00widV_tFruXRUfvdESiGNWEvrpQECAyYgASFYIJDlbWmT61NDeGceRA5yuQsHwHduxu96AarmeyGJaI8UIlggDCQaZ79cLxqjH5viQfpmmeHE7l8J6rdrIiN76ANdclg","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRnFDVVRJUEw5ajltVDh4SlN6bHhIUSIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3BheW1lLmNvbTo4MTgxIn0"},"type":"public-key"},"strongkeyMetadata":{"version":"1.0","create_location":"Sunnyvale, CA","username":"anders","origin":"https://fidopayme.com:8181"}}} payload = 
{"publicKeyCredential":{"id":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","rawId":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","response":{"attestationObject":"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgIE6moeGFDyi2fJQt0RY7xcNqicRg_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-Vkbwin2Sv2IAqKwIhAKLdw0AWNMvTf6yTsLWWKPslDqY7uuF90Mx8NdKN6DC5aGF1dGhEYXRhWQE0WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKNFAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDmdFTGJyGfjRIFG6tB7KmmbYYE-3g6le0nnZHKEsV_kALT0A3sDJny8Hz5AgUBz4mLPsOOWJJIriohZeYlEExKpDfu5Kv6aVd79GlQMOAA2s10nXAfBxiPNaF7WJUHjbII1o7AsrMvOhlvo06pkjdC9q62QUL2yF57c5VWkiU3SPc2mtxJbswIoh8uZfgptXsjcdxI5GD1BQ66z-m00widV_tFruXRUfvdESiGNWEvrpQECAyYgASFYIJDlbWmT61NDeGceRA5yuQsHwHduxu96AarmeyGJaI8UIlggDCQaZ79cLxqjH5viQfpmmeHE7l8J6rdrIiN76ANdclg","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRnFDVVRJUEw5ajltVDh4SlN6bHhIUSIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3BheW1lLmNvbTo4MTgxIn0"},"type":"public-key"},"strongkeyMetadata":{"version":"1.0","create_location":"Sunnyvale, CA","username":"anders","origin":"https://fidopayme.com:8181"}}

Calling register @ https://fidopayme.com:8181/skfs/rest/register Response : {"Response":"Successfully processed registration response"}

Registration Complete.


Done with Register!

demo@fidopayme:/usr/local/strongkey/skfsclient$ java -jar skfsclient.jar A https://fidopayme.com:8181 1 REST HMAC 162a5684336fa6e7 7edd81de1baab6ebcc76ebe3e38f41f4 anders https://fidopayme.com:8181 1

Copyright (c) 2001-2021 StrongAuth, Inc. All rights reserved.

REST Authentication test with HMAC


preauthjson = {"svcinfo":{"did":1,"protocol":"FIDO2_0","authtype":"HMAC"},"payload":{"username":"anders","options":{}}}

Calling preauthenticate @ https://fidopayme.com:8181/skfs/rest/preauthenticate Response : {"Response":{"challenge":"H7DNJ_jO7MpLIFc8PEA2uw","allowCredentials":[{"type":"public-key","id":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","alg":-7}],"rpId":"strongkey.com"}}

Pre-Authentication Complete.

Generating Authentication response...

Simulator Response : id = OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s rawId = OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s response = authenticatorData = WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAAAQ signature = MEQCIBeyiFlKYHeehJSszyyfpNnLfSHvXbJzWShu8agL-nwJAiAOa5jBwOUijkezfdHQQjnXWMHzap2Syij612_IFjMLaw userHandle = clientDataJSON = eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiSDdETkpfak83TXBMSUZjOFBFQTJ1dyIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3BheW1lLmNvbTo4MTgxIn0 type = public-key

Finished Generating Authentication Response.

Authenticating ... authjson = {"svcinfo":{"did":1,"protocol":"FIDO2_0","authtype":"HMAC"},"payload":{"publicKeyCredential":{"id":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","rawId":"OZ0VMYnIZ-NEgUbq0HsqaZthgT7eDqV7SedkcoSxX-QAtPQDewMmfLwfPkCBQHPiYs-w45YkkiuKiFl5iUQTEqkN-7kq_ppV3v0aVAw4ADazXSdcB8HGI81oXtYlQeNsgjWjsCysy86GW-jTqmSN0L2rrZBQvbIXntzlVaSJTdI9zaa3EluzAiiHy5l-Cm1eyNx3EjkYPUFDrrP6bTTCJ1X-0Wu5dFR-90RKIY1YS-s","response":{"authenticatorData":"WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAAAQ","signature":"MEQCIBeyiFlKYHeehJSszyyfpNnLfSHvXbJzWShu8agL-nwJAiAOa5jBwOUijkezfdHQQjnXWMHzap2Syij612_IFjMLaw","userHandle":"","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiSDdETkpfak83TXBMSUZjOFBFQTJ1dyIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3BheW1lLmNvbTo4MTgxIn0"},"type":"public-key"},"strongkeyMetadata":{"version":"1.0","last_used_location":"Sunnyvale, CA","username":"anders","origin":"https://fidopayme.com:8181"}}}

Calling authenticate @ https://fidopayme.com:8181/skfs/rest/authenticate Error during authorize : 400 {"Response":"FIDO-ERR-2001: FIDO 2 Error Message : {0} RPID Hash invalid'"}

Done with Authenticate!

demo@fidopayme:/usr/local/strongkey/skfsclient$

arshadnoor commented 3 years ago

Hi Anders,

Thanks for using our FIDO server for your research work. I'm not sure which version of the FIDO server you're using for your testing - perhaps it's the latest 4.4 or an older version, but it might be helpful to let us know when you run into an issue next time. The ping (P) option to skfsclient.jar will give you some useful information about the release you can include in your comment in future.

That said, the problem with the authenticate webservice in your testing is that your server is using the default relying party ID (RPID) in its policy: strongkey.com. However, the RPID you passed in is fidopayme.com - that's the reason why it's complaining about an invalid RPID hash.

Technically, the installation process should have included your RPID if you set it correctly in the installation parameters, but if it did not, this could be a bug. We'll investigate with the 4.4 release and respond to you on that. But, for now, here is how you can fix the problem without reinstalling the FIDO server.

First, you need to retrieve your current policy from the FIDO server. You can do this with the following command - you should probably use the numeral 1 for the last parameter on this command (since I added a policy to my server locally, which has a policy ID of 2):

java -jar skfsclient.jar GP https://fido.noorhome.net 1 REST PASSWORD fidoadminuser ********** false 1 2

This will result in output as follows:

Copyright (c) 2001-2021 StrongAuth, Inc. All rights reserved.

REST Get policy test with PASSWORD
*******************************

Calling getpolicyinfo @ https://fido.noorhome.net/skfs/rest/getpolicy

Get policy information test complete.
******************************************
Get policy response : [{"did":1,"sid":1,"pid":2,"policy":"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","status":"Active","notes":"Changed noorhome.net to strongkey.com","createDate":1611272118000}]

Done with get policy!

Now you should copy the Base64-encoded text value of the policy attribute in the response, and decode it as follows:

echo 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 | base64 --decode

On my FIDO server, the JSON output is "pretty printed" (from https://duckduckgo.com/?t=ffab&q=pretty+print+json&ia=answer), so I won't print it here (for now).

Copy this output into a text editor (I used textedit on Linux, but any editor will work), replace strongkey.com with fidopayme.com and then with a Find & Replace function, escape all the double-quotes as follows:

{
  \"FidoPolicy\": {
    \"name\": \"DefaultPolicy\",
    \"copyright\": \"\",
    \"version\": \"1.0\",
    \"startDate\": \"1606957205\",
    \"endDate\": \"1760103870871\",
    \"system\": {
      \"requireCounter\": \"mandatory\",
      \"integritySignatures\": false,
      \"userVerification\": [
        \"required\",
        \"preferred\",
        \"discouraged\"
      ],
      \"userPresenceTimeout\": 0,
      \"allowedAaguids\": [
        \"all\"
      ],
      \"jwtKeyValidity\": 365,
      \"jwtRenewalWindow\": 30
    },
    \"algorithms\": {
      \"curves\": [
        \"secp256r1\",
        \"secp384r1\",
        \"secp521r1\",
        \"curve25519\"
      ],
      \"rsa\": [
        \"rsassa-pkcs1-v1_5-sha256\",
        \"rsassa-pkcs1-v1_5-sha384\",
        \"rsassa-pkcs1-v1_5-sha512\",
        \"rsassa-pss-sha256\",
        \"rsassa-pss-sha384\",
        \"rsassa-pss-sha512\"
      ],
      \"signatures\": [
        \"ecdsa-p256-sha256\",
        \"ecdsa-p384-sha384\",
        \"ecdsa-p521-sha512\",
        \"eddsa\",
        \"ecdsa-p256k-sha256\"
      ]
    },
    \"attestation\": {
      \"conveyance\": [
        \"none\",
        \"indirect\",
        \"direct\",
        \"enterprise\"
      ],
      \"formats\": [
        \"fido-u2f\",
        \"packed\",
        \"tpm\",
        \"android-key\",
        \"android-safetynet\",
        \"none\"
      ]
    },
    \"registration\": {
      \"displayName\": \"required\",
      \"attachment\": [
        \"platform\",
        \"cross-platform\"
      ],
      \"residentKey\": [
        \"required\",
        \"preferred\",
        \"discouraged\"
      ],
      \"excludeCredentials\": \"enabled\"
    },
    \"authentication\": {
      \"allowCredentials\": \"enabled\"
    },
    \"authorization\": {
      \"maxdataLength\": 256,
      \"preserve\": true
    },
    \"rp\": {
      \"id\": \"fidopayme.com\",
      \"name\": \"FIDOServer\"
    },
    \"extensions\": {
      \"example.extension\": true
    },
    \"jwt\": {
      \"algorithms\": [
        \"ES256\",
        \"ES384\",
        \"ES521\"
      ],
      \"duration\": 30,
      \"required\": [
        \"rpid\",
        \"iat\",
        \"exp\",
        \"cip\",
        \"uname\",
        \"agent\"
      ],
      \"signingCerts\": {
        \"DN\": \"CN=StrongKey Key Appliance,O=StrongKey\",
        \"certsPerServer\": 2
      }
    }
  }
}

Copy the modified JSON, and update the FIDO policy as follows - don't forget to use the correct policy ID when doing the update:

java -jar skfsclient.jar PP https://fido.noorhome.net 1 REST PASSWORD fidoadminuser *********  1 2 "Active" "Changed strongkey.com to fidopayme.com" "{
  \"FidoPolicy\": {
    \"name\": \"DefaultPolicy\",
      .............
    \"rp\": {
      \"id\": "fidopayme.com\",
      \"name\": "FIDOServer\"
    },
      .............
}"

Once you get a response with no errors, your new policy should be effective. You can test retrieving the policy again with the GP option to see if the database was updated. You can also view server logs with a tsl shell alias that tails the server.log file to show you errors, if any.

At this point, you should register a new credential before you test the authenticate webservice again. This is because your original credential (anders) got registered with the strongkey.com RPID, so it will not work with the fidopayme.com RPID in your policy. With a new credential, the registration as well as authentication with fidopayme.com will work correctly.

NOTE: Technically, you can still test the authenticate webservice with the anders credential by simply supplying https://strongkey.com as the RPID parameter on the command line. Since there is no web-application server that is forcing the test of the origin the client application is connected to, any RPID you send from skfsclient.jar will be accepted for evaluation by the FIDO server.

Let us know if that helps.
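The get, decode, edit, escape and update sequence described above, as an added Python example (it is neither StrongKey code nor anything posted in this thread). It mimics the shape of the GP response with a constructed minimal policy (the real policy carries the full sections shown above and comes back from skfsclient.jar), rewrites rp.id, and escapes the double quotes the way the PP command line requires; the GP and PP invocations themselves are still run with skfsclient.jar exactly as shown.

```python
import base64
import json

# Constructed minimal policy with the same shape as the one shown in the thread;
# the real policy has many more sections and is retrieved with the GP command.
SAMPLE_POLICY = {
    "FidoPolicy": {
        "name": "DefaultPolicy",
        "version": "1.0",
        "rp": {"id": "strongkey.com", "name": "FIDOServer"},
        "authentication": {"allowCredentials": "enabled"},
    }
}


def simulate_getpolicy_response(policy: dict, pid: int = 1) -> str:
    """Constructed stand-in for the GP output: the policy travels Base64-encoded."""
    encoded = base64.b64encode(json.dumps(policy).encode("utf-8")).decode("ascii")
    return json.dumps([{"did": 1, "sid": 1, "pid": pid, "policy": encoded, "status": "Active"}])


def decode_policy(getpolicy_json: str, pid: int) -> dict:
    """Step 1: pick the policy with the wanted pid and decode it (the `base64 --decode` step)."""
    for entry in json.loads(getpolicy_json):
        if entry["pid"] == pid:
            return json.loads(base64.b64decode(entry["policy"]))
    raise KeyError(f"no policy with pid {pid}")


def set_rp_id(policy: dict, new_rp_id: str) -> dict:
    """Step 2: change rp.id and nothing else (returns a deep copy)."""
    updated = json.loads(json.dumps(policy))
    updated["FidoPolicy"]["rp"]["id"] = new_rp_id
    return updated


def escape_for_pp_argument(policy: dict) -> str:
    """Step 3: pretty-print and escape every double quote so it survives the PP command line."""
    return json.dumps(policy, indent=2).replace('"', '\\"')


def unescape_and_parse(escaped: str) -> dict:
    """Round-trip check: what the server sees once the shell has stripped the escapes."""
    return json.loads(escaped.replace('\\"', '"'))


def rp_id_of(policy: dict) -> str:
    return policy["FidoPolicy"]["rp"]["id"]


if __name__ == "__main__":
    response = simulate_getpolicy_response(SAMPLE_POLICY)
    current = decode_policy(response, pid=1)
    updated = set_rp_id(current, "fidopayme.com")
    # Paste this string as the last (quoted) argument of the PP command.
    print(escape_for_pp_argument(updated))
```

The escaped output is meant to sit inside the double-quoted last argument of the PP command, which is why only the double quotes need escaping; the round-trip function is there to confirm that what reaches the server is still valid JSON with the new rp.id.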

cyberphone commented 3 years ago

Thanx Arshad! I just switched to strongkey.com and it worked like a charm. I am a little bit puzzled by the fact that registration wasn't rejected, since it also refers to the wrong policy. Note: I'm a total n00b on FIDO servers...
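To make the RPID-hash check behind FIDO-ERR-2001 concrete, here is an added Python example; it is not StrongKey code and was not posted by anyone in this thread. It parses the authenticatorData and clientDataJSON strings captured in the authentication run logged above and applies the three checks a relying party performs on an assertion: rpIdHash must equal SHA-256(rpId), the challenge must be the one the server issued, and the origin must be consistent with the rpId (the check that skfsclient.jar, per the NOTE above, does not enforce on its own). The candidate RP IDs strongkey.com and fidopayme.com are the two discussed in the thread; which one the simulator actually hashed is reported when the script runs. build_auth_data is a constructed self-check helper, not a captured value.

```python
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional
from urllib.parse import urlparse

# Copied from the authentication run logged above (captured values, not constructed):
AUTH_DATA_B64URL = "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAAAQ"
CLIENT_DATA_B64URL = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiSDdETkpfak83TXBMSUZjOFBFQTJ1dyIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3BheW1lLmNvbTo4MTgxIn0"
EXPECTED_CHALLENGE = "H7DNJ_jO7MpLIFc8PEA2uw"  # from the preauthenticate response
CANDIDATE_RPIDS = ["strongkey.com", "fidopayme.com"]  # the two RP IDs discussed in the thread


def b64url_decode(s: str) -> bytes:
    """Base64url without padding, as WebAuthn transports these fields."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def parse_auth_data(raw: bytes) -> dict:
    """Split the fixed 37-byte prefix of authenticator data: rpIdHash, flags, signCount."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = raw[32]
    return {
        "rpIdHash": raw[:32],
        "flags": flags,
        "UP": bool(flags & 0x01),  # user present
        "UV": bool(flags & 0x04),  # user verified
        "AT": bool(flags & 0x40),  # attested credential data follows (registration only)
        "counter": int.from_bytes(raw[33:37], "big"),
    }


def rpid_hash_matches(raw: bytes, rp_id: str) -> bool:
    """The check that failed above: rpIdHash must equal SHA-256 of the server's RP ID."""
    expected = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return hmac.compare_digest(parse_auth_data(raw)["rpIdHash"], expected)


def which_rpid(raw: bytes, candidates: Iterable[str]) -> Optional[str]:
    """Return the candidate RP ID the authenticator hashed, or None if none matches."""
    for rp_id in candidates:
        if rpid_hash_matches(raw, rp_id):
            return rp_id
    return None


def origin_matches_rpid(origin: str, rp_id: str) -> bool:
    """Origin host must equal the RP ID or be a subdomain of it; the port does not matter."""
    host = urlparse(origin).hostname or ""
    return host == rp_id or host.endswith("." + rp_id)


def check_client_data(client_data_b64url: str, expected_challenge: str, rp_id: str) -> dict:
    """Checks the relying party must apply to clientDataJSON before trusting the assertion."""
    cd = json.loads(b64url_decode(client_data_b64url))
    return {
        "type_ok": cd.get("type") == "webauthn.get",
        "challenge_ok": cd.get("challenge") == expected_challenge,
        "origin_ok": origin_matches_rpid(cd.get("origin", ""), rp_id),
        "origin": cd.get("origin"),
    }


def build_auth_data(rp_id: str, flags: int = 0x01, counter: int = 1) -> bytes:
    """Constructed helper: authenticator data for a known RP ID, used only for self-checks."""
    return hashlib.sha256(rp_id.encode("utf-8")).digest() + bytes([flags]) + counter.to_bytes(4, "big")


def report() -> dict:
    """Run all checks over the captured values from the thread."""
    raw = b64url_decode(AUTH_DATA_B64URL)
    signed_rpid = which_rpid(raw, CANDIDATE_RPIDS)
    return {
        "auth_data": parse_auth_data(raw),
        "signed_rpid": signed_rpid,
        "client_data": check_client_data(CLIENT_DATA_B64URL, EXPECTED_CHALLENGE, signed_rpid or ""),
    }


if __name__ == "__main__":
    r = report()
    print("flags=0x%02x counter=%d" % (r["auth_data"]["flags"], r["auth_data"]["counter"]))
    print("rpIdHash matches RP ID:", r["signed_rpid"])
    print("clientDataJSON checks:", r["client_data"])
```

The captured authenticatorData decodes to 37 bytes with flags 0x01 (user present only) and a signature counter of 1; the clientDataJSON carries type webauthn.get, the challenge from the preauthenticate response, and origin https://fidopayme.com:8181. A server whose policy says strongkey.com cannot accept that assertion regardless of how the RPID parameter was passed, which is the mismatch the thread resolves.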

max-smyth commented 3 years ago

You're welcome Anders. Although, we should thank you, because I think you stumbled onto a bug that we need to fix. The policy module is a new feature, so it's going through the usual shake-down before settling.

If fidopayme.com is a real DNS name, I would recommend using that if you plan to continue building on your payment protocol for demonstration on the internet.


push2085 commented 3 years ago

Hi @cyberphone, we have fixed the RPID check bug and uploaded a new distribution which should have the right check.

You can either deploy a new FIDO server instance, or just extract the contents from inside the distribution and undeploy and deploy the new version (as the 'strongkey' user):

1) asadmin undeploy fidoserver
2) sudo service glassfishd restart
3) asadmin deploy fidoserver.ear

cyberphone commented 3 years ago

@push2085 Great job guys!