Simplify UVP
1 parent 1c0c871 commit 435a288

1 file changed

+10
-10
lines changed


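--- a/Src/Fido2/AuthenticatorAssertionResponse.cs
+++ b/Src/Fido2/AuthenticatorAssertionResponse.cs
@@ -126,16 +126,16 @@ public async Task<VerifyAssertionResult> VerifyAsync(
 if (!authData.RpIdHash.SequenceEqual(hashedRpId))
 throw new Fido2VerificationException(Fido2ErrorCode.InvalidRpidHash, Fido2ErrorMessages.InvalidRpidHash);
 
-if (options.UserVerification is UserVerificationRequirement.Required)
-{
-// 14. Verify that the UP bit of the flags in authData is set.
-if (!authData.UserPresent)
-throw new Fido2VerificationException(Fido2ErrorCode.UserPresentFlagNotSet, Fido2ErrorMessages.UserPresentFlagNotSet);
-
-// 15. If the Relying Party requires user verification for this assertion, verify that the UV bit of the flags in authData is set.
-if (!authData.UserVerified)
-throw new Fido2VerificationException(Fido2ErrorCode.UserVerificationRequirementNotMet, Fido2ErrorMessages.UserVerificationRequirementNotMet);
-}
+var conformanceTesting = metadataService != null && metadataService.ConformanceTesting();
+
+// 14. Verify that the UP bit of the flags in authData is set.
+// Todo: Conformance testing verifies the UVP flags differently than W3C spec, simplify this by removing the mention of conformanceTesting when conformance tools are updated)
+if (!authData.UserPresent && !conformanceTesting)
+throw new Fido2VerificationException(Fido2ErrorCode.UserPresentFlagNotSet, Fido2ErrorMessages.UserPresentFlagNotSet);
+
+// 15. If the Relying Party requires user verification for this assertion, verify that the UV bit of the flags in authData is set.
+if (options.UserVerification is UserVerificationRequirement.Required && !authData.UserVerified)
+throw new Fido2VerificationException(Fido2ErrorCode.UserVerificationRequirementNotMet, Fido2ErrorMessages.UserVerificationRequirementNotMet);
 
 // 16. If the credential backup state is used as part of Relying Party business logic or policy, let currentBe and currentBs be the values of the BE and BS bits, respectively, of the flags in authData.
 // Compare currentBe and currentBs with credentialRecord.BE and credentialRecord.BS and apply Relying Party policy, if any.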
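Review bot: The new `conformanceTesting` flag turns the step 14 user-presence check into a runtime kill switch: whenever `metadataService.ConformanceTesting()` returns true, an assertion with UP clear is accepted, so a metadata service left in conformance mode in a production deployment silently removes a mandatory spec check. The Todo comment explains why the bypass exists but not that it weakens verification; I would add `// SECURITY: conformanceTesting skips the mandatory UP check; ConformanceTesting() must never be true outside the FIDO conformance tool run.` above the `if`, and consider logging or tracing when the bypass is actually taken so it is visible in operations. Separately, moving the UV check out of the `Required` block is an improvement, since UP is now verified regardless of the RP's UV requirement, as the spec expects. Stylistically `metadataService != null` would read better as `metadataService is not null`. VerifyAsync begins before and continues after this hunk.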
