From b370c5b410d6b718cbc334f7d66a94df440e8d4c Mon Sep 17 00:00:00 2001
From: Alex Seigler
Date: Sat, 31 Aug 2019 10:16:29 -0400
Subject: [PATCH] Added tests with sample data for Feitian and eWBM roaming authenticators (#95)
---
 .../KeyCredentialTester.cs | 148 ++++++++++++++++++
 1 file changed, 148 insertions(+)
diff --git a/Src/DSInternals.Common.Test/KeyCredentialTester.cs b/Src/DSInternals.Common.Test/KeyCredentialTester.cs
index bd9d9c2..d46619f 100644
--- a/Src/DSInternals.Common.Test/KeyCredentialTester.cs
+++ b/Src/DSInternals.Common.Test/KeyCredentialTester.cs
@@ -246,6 +246,154 @@ namespace DSInternals.Common.Test
 CollectionAssert.AreEqual(blob, serialized);
 }
+ [TestMethod]
+ public void KeyCredential_Parse_UserKeyFIDO4()
+ {
+ byte[] blob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exToBinary();
+ var key = new KeyCredential(blob, DummyDN);
+ Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
+ Assert.AreEqual(KeyUsage.FIDO, key.Usage);
+ Assert.AreEqual(KeySource.AzureAD, key.Source);
+ Assert.AreEqual(KeyFlags.Attestation, key.CustomKeyInfo.Flags);
+ Assert.AreEqual("WOXReypD7QQShNHZjkKOijqZ3voR2VDDLIrJNRoFmd0=", key.Identifier);
+ var km = key.FidoKeyMaterial;
+ Assert.AreEqual("Feitian AllinPass FIDO2", km.DisplayName);
+ var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };
+ Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RelyingPartyIdHash.ToHex(true));
+ Assert.AreEqual(Data.Fido.AuthenticatorFlags.UserPresent | Data.Fido.AuthenticatorFlags.UserVerified | Data.Fido.AuthenticatorFlags.AttestationData | Data.Fido.AuthenticatorFlags.ExtensionData, km.AuthenticatorData.Flags);
+ Assert.AreEqual((uint)0xe7, km.AuthenticatorData.SignatureCount);
+ Assert.AreEqual(new Guid("12ded745-4bed-47d4-abaa-e713f51d6393"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
+ var expectedCredentialId = "58E5D17B2A43ED041284D1D98E428E8A3A99DEFA11D950C32C8AC9351A0599DD";
+ Assert.AreEqual(expectedCredentialId, km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
+ var strAcd = km.AuthenticatorData.AttestedCredentialData.ToString();
+ var expectedStrAcd = "AAGUID: 12ded745-4bed-47d4-abaa-e713f51d6393, CredentialID: 58E5D17B2A43ED041284D1D98E428E8A3A99DEFA11D950C32C8AC9351A0599DD, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'BB59EA01E513BB8671600FE958C8F58390DE510761ABE8E1C916FACB4A49C6C9', -3: 
h'265E2F0034404C85232B39FF0A1BD5525A2CE9AE8E9A2FD0D5C3C17AAD064B1C'}";
+ Assert.AreEqual(expectedStrAcd, strAcd);
+ var strExts = km.AuthenticatorData.Extensions.ToString();
+ var expectedStrExts = "{\"hmac-secret\": true}";
+ Assert.AreEqual(expectedStrExts, strExts);
+ Assert.IsNull(key.RSAPublicKey);
+ Assert.IsNotNull(key.ECPublicKey);
+ Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
+ Assert.AreEqual("bb59ea01e513bb8671600fe958c8f58390de510761abe8e1c916facb4a49c6c9", key.ECPublicKey.Value.Q.X.ToHex());
+ Assert.AreEqual("265e2f0034404c85232b39ff0a1bd5525a2ce9ae8e9a2fd0d5c3c17aad064b1c", key.ECPublicKey.Value.Q.Y.ToHex());
+
+ // Serialize
+ byte[] serialized = key.ToByteArray();
+ Assert.AreEqual(blob.Length, serialized.Length);
+ CollectionAssert.AreEqual(blob, serialized);
+ }
+
+ [TestMethod]
+ public void KeyCredential_Parse_UserKeyFIDO5()
+ {
+ byte[] blob = "0002000020000175A1B961F58ECD81E97A9522DD1198FBDB3E6276516BCCE58182DB4E1407B53920000214AA4B99A1325D54E4F6CCB0B5B4A620F18F35B77D44B3AA14559544A7C52CD07704037B2276657273696F6E223A312C226175746844617461223A224E577965314B435449626C70587836766B59494438625666614A326D48377957474577566664706F444948464141414242586342433963684B6B2F4A736A6253796C36645149514149485768755748316A73324236587156497430526D507662506D4A325557764D3559474332303455423755357051454341795967415346594941736F744A752B63324350753276684B36513159446F416F79794743424857634D594639546E694937674B496C676761765870376235762F376A6B4762344C393042774F2B6A396A3978376A5545394256713349526B47657043686132687459574D746332566A636D563039513D3D222C22783563223A5B224D494943517A434341656967417749424167495148664B31576C4863533269466F396D6561582F744644414B42676771686B6A4F50515144416A424A4D517377435159445651514745774A56557A45644D4273474131554543677755526D567064476C68626942555A574E6F626D3973623264705A584D78477A415A42674E5642414D4D456B5A6C6158527059573467526B6C4554794244515341774D544167467730784F4441324D6A45774D4441774D444261474138794D444D7A4D4459794D
44497A4E546B314F566F77627A454C4D416B474131554542684D4356564D784854416242674E5642416F4D46455A6C61585270595734675647566A614735766247396E6157567A4D534977494159445651514C44426C426458526F5A57353061574E6864473979494546306447567A64474630615739754D523077477759445651514444425247564342436157395159584E7A49455A4A5245387949465654516A425A4D424D4742797147534D34394167454743437147534D34394177454841304941424742512B4737684A4E6B576864557A495548524C2B354E6E68646432775344486E4B74696C763944594C506E6731466137466467616974645631744C446F6E6A6758504742346E36626C32644775593172697476304B6A67596B7767595977485159445652304F4242594546414879777254637556353768682F6254706E4B574A3833657A50314D42384741315564497751594D42614146482F736C50394B75534E67364256626A4C3037525642557878776B4D41774741315564457745422F7751434D4141774577594C4B77594242414743355277434151454542414D43425341774951594C4B775942424147433552774241515145456751516477454C3179457154386D794E744C4B587031416844414B42676771686B6A4F5051514441674E4A41444247416945416A51342F5472462F714B384C5A38486B4D6D6D43556E653075514945347549366D6635336666572F2F573043495144373377594F6F50724C376865496263676137666D316B6A5370386A7A556863774C64716145747773355A413D3D222C22304152566965435064796F33645839466C4579396D753775416357336C663354667347694F6457794C586B3D225D2C22646973706C61794E616D65223A224665697469616E2042696F50617373204649444F32227D0100040701000501100006000000000000000000000000000000000F00070101000000000000000000000000000800080000000000000040080009E187922E582AD748".HexToBinary();
+ var key = new KeyCredential(blob, DummyDN);
+ Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
+ Assert.AreEqual(KeyUsage.FIDO, key.Usage);
+ Assert.AreEqual(KeySource.AzureAD, key.Source);
+ Assert.AreEqual(KeyFlags.Attestation, key.CustomKeyInfo.Flags);
+ Assert.AreEqual("daG5YfWOzYHpepUi3RGY+9s+YnZRa8zlgYLbThQHtTk=", key.Identifier);
+ var km = key.FidoKeyMaterial;
+ Assert.AreEqual("Feitian BioPass FIDO2", km.DisplayName);
+ var expectedRpIdHash = new byte[] { 0x35, 0x6c, 
0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };
+ Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RelyingPartyIdHash.ToHex(true));
+ Assert.AreEqual(Data.Fido.AuthenticatorFlags.UserPresent | Data.Fido.AuthenticatorFlags.UserVerified | Data.Fido.AuthenticatorFlags.AttestationData | Data.Fido.AuthenticatorFlags.ExtensionData, km.AuthenticatorData.Flags);
+ Assert.AreEqual((uint)0x105, km.AuthenticatorData.SignatureCount);
+ Assert.AreEqual(new Guid("77010bd7-212a-4fc9-b236-d2ca5e9d4084"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
+ var expectedCredentialId = "75A1B961F58ECD81E97A9522DD1198FBDB3E6276516BCCE58182DB4E1407B539";
+ Assert.AreEqual(expectedCredentialId, km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
+ var strAcd = km.AuthenticatorData.AttestedCredentialData.ToString();
+ var expectedStrAcd = "AAGUID: 77010bd7-212a-4fc9-b236-d2ca5e9d4084, CredentialID: 75A1B961F58ECD81E97A9522DD1198FBDB3E6276516BCCE58182DB4E1407B539, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'0B28B49BBE73608FBB6BE12BA435603A00A32C860811D670C605F539E223B80A', -3: h'6AF5E9EDBE6FFFB8E419BE0BF740703BE8FD8FDC7B8D413D055AB72119067A90'}";
+ Assert.AreEqual(expectedStrAcd, strAcd);
+ var strExts = km.AuthenticatorData.Extensions.ToString();
+ var expectedStrExts = "{\"hmac-secret\": true}";
+ Assert.AreEqual(expectedStrExts, strExts);
+ Assert.IsNull(key.RSAPublicKey);
+ Assert.IsNotNull(key.ECPublicKey);
+ Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
+ Assert.AreEqual("0b28b49bbe73608fbb6be12ba435603a00a32c860811d670c605f539e223b80a", key.ECPublicKey.Value.Q.X.ToHex());
+ Assert.AreEqual("6af5e9edbe6fffb8e419be0bf740703be8fd8fdc7b8d413d055ab72119067a90", key.ECPublicKey.Value.Q.Y.ToHex());
+
+ // Serialize
+ byte[] serialized = key.ToByteArray();
+ Assert.AreEqual(blob.Length, 
serialized.Length);
+ CollectionAssert.AreEqual(blob, serialized);
+ }
+
+ [TestMethod]
+ public void KeyCredential_Parse_UserKeyFIDO6()
+ {
+ byte[] blob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exToBinary();
+ var key = new KeyCredential(blob, DummyDN);
+ Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
+ Assert.AreEqual(KeyUsage.FIDO, key.Usage);
+ Assert.AreEqual(KeySource.AzureAD, key.Source);
+ Assert.AreEqual(KeyFlags.Attestation, key.CustomKeyInfo.Flags);
+ Assert.AreEqual("Fdt1CNIgR8MpwM37KV7AtEuNFBwSP6qss/BYgiHByMk=", key.Identifier);
+ var km = key.FidoKeyMaterial;
+ Assert.AreEqual("eWBM Goldengate G310", km.DisplayName);
+ var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };
+ Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RelyingPartyIdHash.ToHex(true));
+ Assert.AreEqual(Data.Fido.AuthenticatorFlags.UserPresent | Data.Fido.AuthenticatorFlags.UserVerified | Data.Fido.AuthenticatorFlags.AttestationData | Data.Fido.AuthenticatorFlags.ExtensionData, km.AuthenticatorData.Flags);
+ Assert.AreEqual((uint)0x4, km.AuthenticatorData.SignatureCount);
+ Assert.AreEqual(new Guid("95442b2e-f15e-4def-b270-efb106facb4e"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
+ var expectedCredentialId = "15DB7508D22047C329C0CDFB295EC0B44B8D141C123FAAACB3F0588221C1C8C9";
+ Assert.AreEqual(expectedCredentialId, km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
+ var strAcd = km.AuthenticatorData.AttestedCredentialData.ToString();
+ var expectedStrAcd = "AAGUID: 95442b2e-f15e-4def-b270-efb106facb4e, CredentialID: 15DB7508D22047C329C0CDFB295EC0B44B8D141C123FAAACB3F0588221C1C8C9, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'EA29B57E290BB205874F31EA57CDA227E07FF8CA6DD8C57AFA56857F34E5826B', -3: 
h'03469809CD64754010F962364D281CCBAE54EB98FA9A98089600131FAE7EFD1D'}";
+ Assert.AreEqual(expectedStrAcd, strAcd);
+ var strExts = km.AuthenticatorData.Extensions.ToString();
+ var expectedStrExts = "{\"hmac-secret\": true}";
+ Assert.AreEqual(expectedStrExts, strExts);
+ Assert.IsNull(key.RSAPublicKey);
+ Assert.IsNotNull(key.ECPublicKey);
+ Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
+ Assert.AreEqual("ea29b57e290bb205874f31ea57cda227e07ff8ca6dd8c57afa56857f34e5826b", key.ECPublicKey.Value.Q.X.ToHex());
+ Assert.AreEqual("03469809cd64754010f962364d281ccbae54eb98fa9a98089600131fae7efd1d", key.ECPublicKey.Value.Q.Y.ToHex());
+
+ // Serialize
+ byte[] serialized = key.ToByteArray();
+ Assert.AreEqual(blob.Length, serialized.Length);
+ CollectionAssert.AreEqual(blob, serialized);
+ }
+
+ [TestMethod]
+ public void KeyCredential_Parse_UserKeyFIDO7()
+ {
+ byte[] blob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exToBinary();
+ var key = new KeyCredential(blob, DummyDN);
+ Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
+ Assert.AreEqual(KeyUsage.FIDO, key.Usage);
+ Assert.AreEqual(KeySource.AzureAD, key.Source);
+ Assert.AreEqual(KeyFlags.Attestation, key.CustomKeyInfo.Flags);
+ Assert.AreEqual("qdu6AEGxrxMiO9ORRlsPeSQhSKm4ffN7FTYXmbUemPM=", key.Identifier);
+ var km = key.FidoKeyMaterial;
+ Assert.AreEqual("eWMB Goldengate G320", km.DisplayName);
+ var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };
+ Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RelyingPartyIdHash.ToHex(true));
+ Assert.AreEqual(Data.Fido.AuthenticatorFlags.UserPresent | Data.Fido.AuthenticatorFlags.UserVerified | Data.Fido.AuthenticatorFlags.AttestationData | Data.Fido.AuthenticatorFlags.ExtensionData, km.AuthenticatorData.Flags);
+ 
Assert.AreEqual((uint)0x53, km.AuthenticatorData.SignatureCount);
+ Assert.AreEqual(new Guid("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
+ var expectedCredentialId = "A9DBBA0041B1AF13223BD391465B0F79242148A9B87DF37B15361799B51E98F3";
+ Assert.AreEqual(expectedCredentialId, km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
+ var strAcd = km.AuthenticatorData.AttestedCredentialData.ToString();
+ var expectedStrAcd = "AAGUID: 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c, CredentialID: A9DBBA0041B1AF13223BD391465B0F79242148A9B87DF37B15361799B51E98F3, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'122C06FAB668CB3D71489D46FF455F3702C9BB8B2E5D8618A5872E9CD123B33C', -3: h'8414CC9C7976750A301CE5B1B5CE57C4557B2809DD3C4D0430A99BB8F11A9818'}";
+ Assert.AreEqual(expectedStrAcd, strAcd);
+ var strExts = km.AuthenticatorData.Extensions.ToString();
+ var expectedStrExts = "{\"hmac-secret\": true}";
+ Assert.AreEqual(expectedStrExts, strExts);
+ Assert.IsNull(key.RSAPublicKey);
+ Assert.IsNotNull(key.ECPublicKey);
+ Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
+ Assert.AreEqual("122c06fab668cb3d71489d46ff455f3702c9bb8b2e5d8618a5872e9cd123b33c", key.ECPublicKey.Value.Q.X.ToHex());
+ Assert.AreEqual("8414cc9c7976750a301ce5b1b5ce57c4557b2809dd3c4d0430a99bb8f11a9818", key.ECPublicKey.Value.Q.Y.ToHex());
+
+ // Serialize
+ byte[] serialized = key.ToByteArray();
+ Assert.AreEqual(blob.Length, serialized.Length);
+ CollectionAssert.AreEqual(blob, serialized);
+ }
+
 /* For EdDSA keys, if they become available and are supported
 [TestMethod]
 public void KeyCredential_Parse_UserKeyFIDO_EdDSA()
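Review bot: `KeyCredential_Parse_UserKeyFIDO4` to `KeyCredential_Parse_UserKeyFIDO7` are one 37-line body copied four times, differing only in the blob and the expected literals, so any change to what is asserted about a FIDO key has to be repeated in each copy (and possibly in earlier FIDO tests, which sit outside this hunk). A private helper that takes the blob and the expected identifier, display name, signature count, AAGUID and public key coordinates would leave each test as one call, and the 32-byte `expectedRpIdHash` literal, identical in all four, could become a single `private static readonly byte[]` field with a comment naming the relying party it is the hash of. In `FIDO7` the expected display name is `"eWMB Goldengate G320"` whereas `FIDO6` has `"eWBM Goldengate G310"`; if that spelling is what the captured blob contains, a comment such as `// display name as stored in the captured blob (sic)` would keep it from being corrected by mistake. All four inputs are well-formed captures, so a further case feeding a truncated blob would document how the parser reports malformed key material read from the directory.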