Authen::U2F::Tester - FIDO/U2F Authentication Test Client
version 0.01
my $tester = Authen::U2F::Tester->new( cert_file => $certfile, key_file => $keyfile); # # Test a U2F registration # my $app_id = 'https://www.example.com'; my $challenge = Authen::U2F->challenge; my $r = $tester->register($app_id, $challenge); unless ($r->is_success) { die $r->error_message; } print $res->client_data; print $res->registration_data; # the fields in $res can be used to verify the registration using # Authen::U2F my ($handle, $key) = Authen::U2F->registration_verify( challenge => $challenge, app_id => $app_id, origin => $origin, registration_data => $res->registration_data, client_data => $res->client_data); # # Test a U2F Signing request # $r = $tester->sign($app_id, $challenge, $handle); unless ($r->is_success) { die $r->error_message; } print $res->client_data; print $res->signature_data; # verify the signing request with Authen::U2F Authen::U2F->signature_verify( challenge => $challenge, app_id => $app_id, origin => $app_id, key_handle => $handle, key => $key, signature_data => $r->signature_data, client_data => $r->client_data);
This module implements a FIDO/U2F tester that can be used for testing web applications that support FIDO/U2F. Think of this module as a "virtual" U2F security key.
Constructor.
The following arguments are required:
key_file
The location of the private key file.
cert_file
The location of the X.509 certificate file.
X.509
Alternatively, the key and certificate can be passed in directly as objects:
keypair
An Crypt::PK::ECC object.
certificate
An Crypt::OpenSSL::X509 object.
In order to create and use the tester, you will need both an Elliptic Curve keypair, and a SSL X.509 certificate. The key can be generated using OpenSSL:
% openssl ecparam -name secp256r1 -genkey -noout -out key.pem
Then this key can be used to generate a self signed X.509 certificate:
% openssl req -key key.pem -x509 -days 3560 -sh256 \ -subj '/C=US/ST=Texas/O=Untrusted U2F Org/CN=virtual-u2f' \ -out cert.pem
Get the private keypair for this tester.
Get the SSL certificate that this tester uses.
Complete a registration request.
Returns a Authen::U2F::Tester::RegisterResponse on success, or an Authen::U2F::Error object on failure.
Arguments are:
app_id: string
The application id
challenge: string
The challenge parameter, in Base64 URL encoded format
keyhandles: list (optional)
List of already registered keyhandles for the current user, in Base64 URL format.
Example:
my $app_id = 'https://www.example.com'; my $challenge = Authen::U2F->challenge; my $res = $tester->register($app_id, $challenge); unless ($res->is_success) { die $res->error_message; }
Complete a U2F signing request. Returns a Authen::U2F::Tester::SignResponse object on success, Authen::U2F::Error object otherwise.
app_id
The appId value
challenge
keyhandles
List of possible keyhandles, in Base64 URL encoded format
my $app_id = 'https://www.example.com'; my $challenge = Authen::U2F->challenge; my $res = $tester->sign($app_id, $challenge, $keyhandle); unless ($res->is_success) { die $res->error_message; } # signature and client data, which should be sent to relaying party for # verification. print $res->signature_data; print $res->client_data;
Return true if the given $handle was generated by this tester. $handle is a string containing a potential keyhandle, in Base64 URL format.
$handle
The development version is on github at https://github.com/mschout/perl-authen-u2f-tester and may be cloned from git://github.com/mschout/perl-authen-u2f-tester.git
Please report any bugs or feature requests to bug-authen-u2f-tester@rt.cpan.org or through the web interface at: http://rt.cpan.org/Public/Dist/Display.html?Name=Authen-U2F-Tester
Michael Schout <mschout@cpan.org>
This software is copyright (c) 2017 by Michael Schout.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install Authen::U2F::Tester, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Authen::U2F::Tester
CPAN shell
perl -MCPAN -e shell install Authen::U2F::Tester
For more information on module installation, please visit the detailed CPAN module installation guide.