
NAME

Authen::U2F::Tester - FIDO/U2F Authentication Test Client

VERSION

version 0.01

SYNOPSIS

 use Authen::U2F;
 use Authen::U2F::Tester;

 my $tester = Authen::U2F::Tester->new(
     cert_file => $certfile,
     key_file  => $keyfile);

 #
 # Test a U2F registration
 #
 my $app_id = 'https://www.example.com';
 my $challenge = Authen::U2F->challenge;

 my $r = $tester->register($app_id, $challenge);

 unless ($r->is_success) {
     die $r->error_message;
 }

 print $r->client_data;
 print $r->registration_data;

 # the fields in $r can be used to verify the registration using
 # Authen::U2F
 my ($handle, $key) = Authen::U2F->registration_verify(
     challenge         => $challenge,
     app_id            => $app_id,
     origin            => $app_id,
     registration_data => $r->registration_data,
     client_data       => $r->client_data);

 #
 # Test a U2F Signing request
 #
 $r = $tester->sign($app_id, $challenge, $handle);

 unless ($r->is_success) {
     die $r->error_message;
 }

 print $r->client_data;
 print $r->signature_data;

 # verify the signing request with Authen::U2F
 Authen::U2F->signature_verify(
     challenge      => $challenge,
     app_id         => $app_id,
     origin         => $app_id,
     key_handle     => $handle,
     key            => $key,
     signature_data => $r->signature_data,
     client_data    => $r->client_data);

DESCRIPTION

This module implements a FIDO/U2F tester that can be used for testing web applications that support FIDO/U2F. Think of this module as a "virtual" U2F security key.

METHODS

new(%args)

Constructor.

The following arguments are required:

  • key_file

    The location of the private key file.

  • cert_file

    The location of the X.509 certificate file.

Alternatively, the key and certificate can be passed in directly as objects:

To create and use the tester, you need both an Elliptic Curve keypair and an SSL X.509 certificate. The key can be generated using OpenSSL:

 % openssl ecparam -name secp256r1 -genkey -noout -out key.pem

Then this key can be used to generate a self signed X.509 certificate:

 % openssl req -key key.pem -x509 -days 3560 -sha256 \
     -subj '/C=US/ST=Texas/O=Untrusted U2F Org/CN=virtual-u2f' \
     -out cert.pem

keypair(): Crypt::PK::ECC

Get the private keypair for this tester.

certificate(): Crypt::OpenSSL::X509

Get the SSL certificate that this tester uses.

register($app_id, $challenge, @keyhandles): Authen::U2F::Tester::RegisterResponse

Complete a registration request.

Returns an Authen::U2F::Tester::RegisterResponse on success, or an Authen::U2F::Error object on failure.

Arguments are:

  • app_id: string

    The application id

  • challenge: string

    The challenge parameter, in Base64 URL encoded format

  • keyhandles: list (optional)

    List of already registered keyhandles for the current user, in Base64 URL format.

Example:

 my $app_id = 'https://www.example.com';
 my $challenge = Authen::U2F->challenge;

 my $res = $tester->register($app_id, $challenge);

 unless ($res->is_success) {
     die $res->error_message;
 }

sign($app_id, $challenge, @keyhandles)

Complete a U2F signing request. Returns an Authen::U2F::Tester::SignResponse object on success, or an Authen::U2F::Error object otherwise.

Arguments are:

  • app_id

    The appId value

  • challenge

    The challenge parameter, in Base64 URL encoded format

  • keyhandles

    List of possible keyhandles, in Base64 URL encoded format

Example:

 my $app_id = 'https://www.example.com';
 my $challenge = Authen::U2F->challenge;

 my $res = $tester->sign($app_id, $challenge, $keyhandle);

 unless ($res->is_success) {
     die $res->error_message;
 }

 # signature and client data, which should be sent to the relying party for
 # verification.
 print $res->signature_data;
 print $res->client_data;

is_known_handle($handle): bool

Return true if the given $handle was generated by this tester. $handle is a string containing a potential keyhandle, in Base64 URL format.
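The following test script is an added example, not part of the module's own documentation. It uses the virtual key to check that a relying party rejects a signing response replayed against a new challenge or presented for a different appId. It assumes cert.pem and key.pem exist as generated above, that the Authen::U2F verify methods report failure by dying, and that the helper accepts() and the second origin are hypothetical names.

```perl
use strict;
use warnings;
use Test::More;
use Authen::U2F;
use Authen::U2F::Tester;

# Assumed paths: key and certificate generated with the openssl commands shown earlier.
my $tester = Authen::U2F::Tester->new(cert_file => 'cert.pem', key_file => 'key.pem');
my $app_id = 'https://www.example.com';

# Enroll the virtual key and keep what the relying party would store.
my $reg_challenge = Authen::U2F->challenge;
my $reg = $tester->register($app_id, $reg_challenge);
ok($reg->is_success, 'registration completed') or BAIL_OUT($reg->error_message);
my ($handle, $key) = Authen::U2F->registration_verify(
    challenge         => $reg_challenge,
    app_id            => $app_id,
    origin            => $app_id,
    registration_data => $reg->registration_data,
    client_data       => $reg->client_data);
ok($tester->is_known_handle($handle), 'stored key handle was issued by the tester');

# Sign one challenge; the response is then verified under different server-side values.
my $challenge = Authen::U2F->challenge;
my $sig = $tester->sign($app_id, $challenge, $handle);
ok($sig->is_success, 'signing completed') or BAIL_OUT($sig->error_message);

# Hypothetical helper: 1 if the relying party accepts the response, 0 if verification dies.
sub accepts {
    my %args = (
        challenge      => $challenge,
        app_id         => $app_id,
        origin         => $app_id,
        key_handle     => $handle,
        key            => $key,
        signature_data => $sig->signature_data,
        client_data    => $sig->client_data,
        @_);    # caller-supplied values override the defaults
    return eval { Authen::U2F->signature_verify(%args); 1 } ? 1 : 0;
}

ok(accepts(), 'matching challenge and appId verify');
ok(!accepts(challenge => Authen::U2F->challenge), 'replay against a fresh challenge is rejected');
my $other = 'https://other.example';    # constructed second relying party
ok(!accepts(app_id => $other, origin => $other), 'response for another appId is rejected');

done_testing;
```

Run it with prove or perl from the directory that holds cert.pem and key.pem.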

SOURCE

The development version is on github at https://github.com/mschout/perl-authen-u2f-tester and may be cloned from git://github.com/mschout/perl-authen-u2f-tester.git

BUGS

Please report any bugs or feature requests to bug-authen-u2f-tester@rt.cpan.org or through the web interface at: http://rt.cpan.org/Public/Dist/Display.html?Name=Authen-U2F-Tester

AUTHOR

Michael Schout <mschout@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2017 by Michael Schout.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.