1#!/usr/bin/env python 2# Copyright 2016 Google Inc. All Rights Reserved. 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15 16"""Interface to handle end to end flow of U2F signing.""" 17import sys 18 19 20class BaseAuthenticator(object): 21 """Interface to handle end to end flow of U2F signing.""" 22 23 def Authenticate(self, app_id, challenge_data, 24 print_callback=sys.stderr.write): 25 """Authenticates app_id with a security key. 26 27 Executes the U2F authentication/signature flow with a security key. 28 29 Args: 30 app_id: The app_id to register the security key against. 31 challenge_data: List of dictionaries containing a RegisteredKey ('key') 32 and the raw challenge data ('challenge') for this key. 33 print_callback: Callback to print a message to the user. The callback 34 function takes one argument--the message to display. 35 36 Returns: 37 A dictionary with the following fields: 38 'clientData': url-safe base64 encoded ClientData JSON signed by the key. 39 'signatureData': url-safe base64 encoded signature. 40 'applicationId': application id. 41 'keyHandle': url-safe base64 encoded handle of the key used to sign. 42 43 Raises: 44 U2FError: There was some kind of problem with registration (e.g. 45 the device was already registered or there was a timeout waiting 46 for the test of user presence). 47 """ 48 raise NotImplementedError 49 50 def IsAvailable(self): 51 """Indicates whether the authenticator implementation is available to sign. 52 53 The caller should not call Authenticate() if IsAvailable() returns False 54 55 Returns: 56 True if the authenticator is available to sign and False otherwise. 57 58 """ 59 raise NotImplementedError 60