File: fido2_2.py

python-proton-vpn-api-core 4.16.0-3
"""
FIDO2 2.x API implementation for ProtonVPN session handling.

Copyright (c) 2025 Proton AG

This file is part of Proton VPN.

Proton VPN is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Proton VPN is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
"""
# pylint: disable=no-name-in-module
from fido2.hid import CtapHidDevice
from fido2.client import (Fido2Client, DefaultClientDataCollector,
                          UserInteraction as Fido2UserInteraction,
                          AssertionSelection)
from fido2.webauthn import (
    PublicKeyCredentialRequestOptions as Options,
    UserVerificationRequirement,
)

from proton.session.api import Fido2AssertionParameters, Fido2Assertion


def create_client(device: CtapHidDevice,
                  origin: str,
                  user_interaction: Fido2UserInteraction) -> Fido2Client:
    """Build a ``Fido2Client`` bound to *device* for the given *origin*.

    Args:
        device: HID authenticator the client will talk to.
        origin: Origin string handed to ``DefaultClientDataCollector``.
        user_interaction: Callback object forwarded to the client as the
            ``user_interaction`` keyword argument.

    Returns:
        The newly constructed ``Fido2Client``.
    """
    # NOTE(review): the origin is what the collector works from when it
    # produces client data, so it should be a fixed, trusted value and not
    # something taken from a server response -- confirm at the call site.
    return Fido2Client(  # pylint: disable=unexpected-keyword-arg
        device,
        DefaultClientDataCollector(origin),
        user_interaction=user_interaction
    )


def create_options(assertion_parameters: Fido2AssertionParameters) -> Options:
    """Translate session assertion parameters into WebAuthn request options.

    Args:
        assertion_parameters: Object exposing ``challenge``, ``rp_id``,
            ``allow_credentials`` and ``user_verification`` attributes.

    Returns:
        A ``PublicKeyCredentialRequestOptions`` instance carrying those values.
    """
    # The user-verification value goes through the enum constructor before use.
    # NOTE(review): confirm how an unrecognised value is handled here; if the
    # requirement were silently dropped, the requested verification policy
    # would be weakened without any visible error.
    uv_requirement = UserVerificationRequirement(
        assertion_parameters.user_verification
    )
    option_fields = {
        "challenge": assertion_parameters.challenge,
        "rp_id": assertion_parameters.rp_id,
        "allow_credentials": assertion_parameters.allow_credentials,
        "user_verification": uv_requirement,
    }
    return Options(**option_fields)


def create_from_client_assertion(assertion: AssertionSelection) -> Fido2Assertion:
    """Convert the client's assertion result into a ``Fido2Assertion``.

    Only the response at index 0 of *assertion* is used.

    Args:
        assertion: Selection object returned by the FIDO2 client.

    Returns:
        A ``Fido2Assertion`` holding the client data, authenticator data and
        signature as plain ``bytes``, plus the credential's raw id.
    """
    # NOTE(review): index 0 is taken unconditionally; presumably a single
    # response is expected because an allow list is supplied -- confirm.
    selected = assertion.get_response(0)
    payload = selected.response

    # Copy each field through bytes() so the result holds plain byte strings.
    client_data = bytes(payload.client_data)
    authenticator_data = bytes(payload.authenticator_data)
    signature = bytes(payload.signature)

    return Fido2Assertion(
        client_data=client_data,
        authenticator_data=authenticator_data,
        signature=signature,
        credential_id=selected.raw_id
    )