fido2.attestation.base
Exceptions
InvalidAttestation | Base exception for attestation-related errors.
InvalidData | Attestation contains invalid data.
InvalidSignature | The signature of the attestation could not be verified.
UntrustedAttestation | The CA of the attestation is not trusted.
UnsupportedType | The attestation format is not supported.
Classes
AttestationType | Supported attestation types.
AttestationResult | The result of verifying an attestation.
Attestation | Implements verification of a specific attestation type.
UnsupportedAttestation | Implements verification of a specific attestation type.
NoneAttestation | Implements verification of a specific attestation type.
AttestationVerifier | Base class for verifying attestation.
Functions
catch_builtins(f) | Utility decorator to wrap common exceptions related to InvalidData.
verify_x509_chain(chain) | Verifies a chain of certificates.
Module Contents
- exception fido2.attestation.base.InvalidAttestation[source]
Bases:
Exception
Base exception for attestation-related errors.
- exception fido2.attestation.base.InvalidData[source]
Bases:
InvalidAttestation
Attestation contains invalid data.
- exception fido2.attestation.base.InvalidSignature[source]
Bases:
InvalidAttestation
The signature of the attestation could not be verified.
- exception fido2.attestation.base.UntrustedAttestation[source]
Bases:
InvalidAttestation
The CA of the attestation is not trusted.
- exception fido2.attestation.base.UnsupportedType(auth_data, fmt=None)[source]
Bases:
InvalidAttestation
The attestation format is not supported.
- auth_data
- fmt
- class fido2.attestation.base.AttestationType[source]
Bases:
enum.IntEnum
Supported attestation types.
- BASIC = 1
- SELF = 2
- ATT_CA = 3
- ANON_CA = 4
- NONE = 0
- class fido2.attestation.base.AttestationResult[source]
The result of verifying an attestation.
- attestation_type: AttestationType
- fido2.attestation.base.catch_builtins(f)[source]
Utility decorator to wrap common exceptions related to InvalidData.
- fido2.attestation.base.verify_x509_chain(chain)[source]
Verifies a chain of certificates.
Checks that the first item in the chain is signed by the next, and so on. The first item is the leaf, the last is the root.
- Parameters:
chain (List[bytes])
- Return type:
None
- class fido2.attestation.base.Attestation[source]
Bases:
abc.ABC
Implements verification of a specific attestation type.
- abstract verify(statement, auth_data, client_data_hash)[source]
Verifies attestation statement.
- Returns:
An AttestationResult if successful.
- Parameters:
statement (Mapping[str, Any])
auth_data (fido2.webauthn.AuthenticatorData)
client_data_hash (bytes)
- Return type:
AttestationResult
- static for_type(fmt)[source]
Get an Attestation subclass type for the given format.
- Parameters:
fmt (str)
- Return type:
Type[Attestation]
- class fido2.attestation.base.UnsupportedAttestation(fmt=None)[source]
Bases:
Attestation
Implements verification of a specific attestation type.
- fmt
- class fido2.attestation.base.NoneAttestation[source]
Bases:
Attestation
Implements verification of a specific attestation type.
- FORMAT = 'none'
- class fido2.attestation.base.AttestationVerifier(attestation_types=None)[source]
Bases:
abc.ABC
Base class for verifying attestation.
Override the ca_lookup method to provide a trusted root certificate used to verify the trust path from the attestation.
- Parameters:
attestation_types (Optional[Sequence[Attestation]])
- abstract ca_lookup(attestation_result, auth_data)[source]
Look up a CA certificate to be used to verify a trust path.
- Parameters:
attestation_result (AttestationResult) – The result of the attestation
auth_data (fido2.webauthn.AuthenticatorData) – The AuthenticatorData from the registration
- Return type:
Optional[bytes]
- verify_attestation(attestation_object, client_data_hash)[source]
Verify attestation.
- Parameters:
attestation_object (fido2.webauthn.AttestationObject) – dict containing attestation data.
client_data_hash (bytes) – SHA256 hash of the ClientData bytes.
- Return type:
None