k_card

Commit Graph

Author	SHA1	Message	Date
Morten V. Christiansen	56132528fe	Add CardEmulator and fix fido2-direct id= constructor bugs tests/card_emulator.py: software emulator of the ChromeCard FIDO2 authenticator. Implements make_credential and get_assertion with real P-256 cryptography and an in-memory credential store. Both methods accept user_confirms=True/False to simulate the card's Yes/No confirmation dialog; False raises CtapError(OPERATION_DENIED). refusing() returns a wrapper that forces user_confirms=False for integration tests that route through _with_direct_ctap2. forget_user() simulates card-side credential removal. Module docstring serves as the usage guide. tests/test_k_proxy.py: 22 new tests across TestCardEmulatorUnit (direct emulator calls) and TestCardEmulatorIntegration (full ProxyState flows covering register, authenticate, user-says-no, forget, two-user isolation, and sign-count monotonicity). k_proxy_app.py: fix two bugs where RegistrationResponse and AuthenticationResponse were constructed with id= instead of raw_id=. Both calls raised TypeError at runtime, silently caught by the surrounding except block, making all fido2-direct register and authenticate calls fail. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-27 16:31:07 +02:00
Morten V. Christiansen	e7212b49a0	Add k_proxy unit tests with mocked card and upstream 100 tests covering session management, enrollment CRUD, probe and direct FIDO2 auth routing, UpstreamPool connection handling, and all HTTP endpoints via a live in-process server. Card (FIDO2/CTAP) and k_server are fully mocked so the suite runs locally without hardware or VMs. Also hardens the fido2.features.webauthn_json_mapping import guard to tolerate older python-fido2 versions that lack the attribute. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-27 10:44:43 +02:00

Author

SHA1

Message

Date

Morten V. Christiansen

56132528fe

Add CardEmulator and fix fido2-direct id= constructor bugs

tests/card_emulator.py: software emulator of the ChromeCard FIDO2
authenticator. Implements make_credential and get_assertion with real P-256
cryptography and an in-memory credential store. Both methods accept
user_confirms=True/False to simulate the card's Yes/No confirmation dialog;
False raises CtapError(OPERATION_DENIED). refusing() returns a wrapper that
forces user_confirms=False for integration tests that route through
_with_direct_ctap2. forget_user() simulates card-side credential removal.
Module docstring serves as the usage guide.

tests/test_k_proxy.py: 22 new tests across TestCardEmulatorUnit (direct
emulator calls) and TestCardEmulatorIntegration (full ProxyState flows
covering register, authenticate, user-says-no, forget, two-user isolation,
and sign-count monotonicity).

k_proxy_app.py: fix two bugs where RegistrationResponse and
AuthenticationResponse were constructed with id= instead of raw_id=. Both
calls raised TypeError at runtime, silently caught by the surrounding except
block, making all fido2-direct register and authenticate calls fail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-27 16:31:07 +02:00

Morten V. Christiansen

e7212b49a0

Add k_proxy unit tests with mocked card and upstream

100 tests covering session management, enrollment CRUD, probe and direct
FIDO2 auth routing, UpstreamPool connection handling, and all HTTP
endpoints via a live in-process server. Card (FIDO2/CTAP) and k_server
are fully mocked so the suite runs locally without hardware or VMs.

Also hardens the fido2.features.webauthn_json_mapping import guard to
tolerate older python-fido2 versions that lack the attribute.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-27 10:44:43 +02:00

2 Commits