fixes for configuring u2f device

src/Core/Core.csproj

@@ -49,13 +49,14 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.1.2" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.1.2" />
     <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Portable.BouncyCastle" Version="1.8.1.2" />
     <PackageReference Include="RazorLight" Version="1.1.0" />
     <PackageReference Include="Sendgrid" Version="9.2.0" />
     <PackageReference Include="PushSharp" Version="4.0.10" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="1.4.0" />
     <PackageReference Include="Serilog.Sinks.AzureDocumentDB" Version="3.6.1" />
     <PackageReference Include="Stripe.net" Version="7.8.0" />
-    <PackageReference Include="U2F.Core" Version="1.0.1" />
+    <PackageReference Include="u2flib" Version="1.0.5" />
     <PackageReference Include="WindowsAzure.Storage" Version="8.1.1" />
     <PackageReference Include="Otp.NET" Version="1.0.1" />
     <PackageReference Include="YubicoDotNetClient" Version="1.0.0" />

src/Core/GlobalSettings.cs

@@ -4,6 +4,7 @@
     {
         public virtual string SiteName { get; set; }
         public virtual string BaseVaultUri { get; set; }
+        public virtual string BaseApiUri { get; set; }
         public virtual string JwtSigningKey { get; set; }
         public virtual string StripeApiKey { get; set; }
         public virtual SqlServerSettings SqlServer { get; set; } = new SqlServerSettings();

src/Core/Identity/U2fTokenProvider.cs

@@ -5,12 +5,13 @@ using Bit.Core.Enums;
 using Bit.Core.Models;
 using Bit.Core.Services;
 using Bit.Core.Repositories;
-using U2F.Core.Models;
-using U2fLib = U2F.Core.Crypto.U2F;
 using Newtonsoft.Json;
 using System.Collections.Generic;
 using System.Linq;
-using U2F.Core.Exceptions;
+using u2flib.Data;
+using u2flib;
+using u2flib.Data.Messages;
+using u2flib.Exceptions;
 
 namespace Bit.Core.Identity
 {
@@ -65,7 +66,7 @@ namespace Bit.Core.Identity
             {
                 var registration = new DeviceRegistration(key.KeyHandleBytes, key.PublicKeyBytes,
                     key.CertificateBytes, key.Counter);
-                var auth = U2fLib.StartAuthentication(_globalSettings.U2f.AppId, registration);
+                var auth = U2F.StartAuthentication(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings), registration);
 
                 // Maybe move this to a bulk create when we support more than 1 key?
                 await _u2fRepository.CreateAsync(new U2f
@@ -116,7 +117,7 @@ namespace Bit.Core.Identity
                 return false;
             }
 
-            var authenticateResponse = BaseModel.FromJson<AuthenticateResponse>(token);
+            var authenticateResponse = DataObject.FromJson<AuthenticateResponse>(token);
             var key = keys.FirstOrDefault(f => f.KeyHandle == authenticateResponse.KeyHandle);
 
             if(key == null)
@@ -139,7 +140,7 @@ namespace Bit.Core.Identity
             try
             {
                 var auth = new StartedAuthentication(challenge.Challenge, challenge.AppId, challenge.KeyHandle);
-                U2fLib.FinishAuthentication(auth, authenticateResponse, registration);
+                U2F.FinishAuthentication(auth, authenticateResponse, registration);
             }
             catch(U2fException)
             {

src/Core/Models/Api/Response/TwoFactor/TwoFactorU2fResponseModel.cs

@@ -19,7 +19,7 @@ namespace Bit.Core.Models.Api
             {
                 Challenge = new ChallengeModel(user, registration);
             }
-            Enabled = provider.Enabled;
+            Enabled = provider?.Enabled ?? false;
         }
 
         public TwoFactorU2fResponseModel(User user)

src/Core/Models/TwoFactorProvider.cs

@@ -1,6 +1,6 @@
 using System;
 using System.Collections.Generic;
-using U2F.Core.Utils;
+using u2flib.Util;
 
 namespace Bit.Core.Models
 {

src/Core/Services/Implementations/UserService.cs

@@ -10,11 +10,12 @@ using System.Linq;
 using Microsoft.AspNetCore.Builder;
 using Bit.Core.Enums;
 using System.Security.Claims;
-using U2fLib = U2F.Core.Crypto.U2F;
-using U2F.Core.Models;
 using Bit.Core.Models;
 using Bit.Core.Models.Business;
-using U2F.Core.Utils;
+using u2flib.Data.Messages;
+using u2flib.Util;
+using u2flib;
+using u2flib.Data;
 
 namespace Bit.Core.Services
 {
@@ -219,7 +220,7 @@ namespace Bit.Core.Services
         public async Task<U2fRegistration> StartU2fRegistrationAsync(User user)
         {
             await _u2fRepository.DeleteManyByUserIdAsync(user.Id);
-            var reg = U2fLib.StartRegistration(_globalSettings.U2f.AppId);
+            var reg = U2F.StartRegistration(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings));
             await _u2fRepository.CreateAsync(new U2f
             {
                 AppId = reg.AppId,
@@ -249,11 +250,11 @@ namespace Bit.Core.Services
                 return false;
             }
 
-            var registerResponse = BaseModel.FromJson<RegisterResponse>(deviceResponse);
+            var registerResponse = DataObject.FromJson<RegisterResponse>(deviceResponse);
 
             var challenge = challenges.OrderBy(i => i.Id).Last(i => i.KeyHandle == null);
             var statedReg = new StartedRegistration(challenge.Challenge, challenge.AppId);
-            var reg = U2fLib.FinishRegistration(statedReg, registerResponse);
+            var reg = U2F.FinishRegistration(statedReg, registerResponse);
 
             await _u2fRepository.DeleteManyByUserIdAsync(user.Id);
 

src/Core/Utilities/CoreHelpers.cs

@@ -119,5 +119,11 @@ namespace Bit.Core.Utilities
         {
             return _epoc.AddMilliseconds(milliseconds);
         }
+
+        public static string U2fAppIdUrl(GlobalSettings globalSettings)
+        {
+            //return $"{globalSettings.BaseApiUri}app-id.json";
+            return globalSettings.U2f.AppId;
+        }
     }
 }