Force Fido2Client to accept any RP ID, incl. 'solo-sign-hash:...'

solokeys · Oct 25, 2021 · a0a1686 · a0a1686
1 parent 6f2f63d
commit a0a1686
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/solo/devices/solo_v1.py b/solo/devices/solo_v1.py
@@ -73,7 +73,8 @@ def find_device(self, dev=None, solo_serial=None):
             self.ctap2 = None
 
         try:
-            self.client = Fido2Client(dev, self.origin)
+            # Accept any RP ID, including e.g. 'solo-sign-hash:...'
+            self.client = Fido2Client(dev, self.origin, verify=lambda _rp_id, _origin: True)
         except CtapError:
             print("Not using FIDO2 interface.")
             self.client = None

diff --git a/solo/hmac_secret.py b/solo/hmac_secret.py
@@ -42,7 +42,7 @@ def make_credential(
 
     rp = PublicKeyCredentialRpEntity(host, "Example RP")
     client.host = host
-    client.origin = f"https://{client.host}"
+    client.origin = client.host if ":" in client.host else f"https://{client.host}"
     client.user_id = user_id
     user = fido2.webauthn.PublicKeyCredentialUserEntity(user_id, "A. User")
     challenge = secrets.token_bytes(32)
@@ -89,7 +89,7 @@ def simple_secret(
 
     # rp = {"id": host, "name": "Example RP"}
     client.host = host
-    client.origin = f"https://{client.host}"
+    client.origin = client.host if ":" in client.host else f"https://{client.host}"
     client.user_id = user_id
     # user = {"id": user_id, "name": "A. User"}
     credential_id = binascii.a2b_hex(credential_id)