Improve Code Quality (#405)

iamcarbon · web-flow · commit 2ef5ff32656c · 2023-07-28T14:40:52.000+02:00
* Make UafVersion a readonly struct

* Fix UndesiredMetadataStatusFido2VerificationException class name

* Make RgbPaletteEntry a readonly struct

* Make AuthenticationExtensionsDevicePublicKeyOutputs immutable

* Make PublicKeyCredentialDescriptor immutable

* Fix typo

* Remove unused namespace

* Use new IBufferWriter.WriteGuidBigEndian helper

* Add AsnHelper.GetAaguidBlob

* Fix tests
diff --git a/Src/Fido2.Ctap2/Cbor/CborHelper.cs b/Src/Fido2.Ctap2/Cbor/CborHelper.cs
@@ -7,22 +7,23 @@ internal sealed class CborHelper
 {
     public static PublicKeyCredentialDescriptor DecodePublicKeyCredentialDescriptor(CborMap map)
     {
-        var result = new PublicKeyCredentialDescriptor();
+        byte[]? id = null;
+        PublicKeyCredentialType type = default;
 
         foreach (var (key, value) in map)
         {
             switch ((string)key)
             {
                 case "id":
-                    result.Id = (byte[])value;
+                    id = (byte[])value;
                     break;
                 case "type" when (value is CborTextString { Value: "public-key" }):
-                    result.Type = PublicKeyCredentialType.PublicKey;
+                    type = PublicKeyCredentialType.PublicKey;
                     break;
             }
         }
 
-        return result;
+        return new PublicKeyCredentialDescriptor(type, id!, null);
     }
 
     public static PublicKeyCredentialUserEntity DecodePublicKeyCredentialUserEntity(CborMap map)
diff --git a/Src/Fido2.Models/Metadata/RgbPaletteEntry.cs b/Src/Fido2.Models/Metadata/RgbPaletteEntry.cs
@@ -1,4 +1,4 @@
-﻿using System.ComponentModel.DataAnnotations;
+﻿using System;
 using System.Text.Json.Serialization;
 
 namespace Fido2NetLib;
@@ -9,23 +9,58 @@ namespace Fido2NetLib;
 /// <remarks>
 /// <see href="https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html#rgbpaletteentry-dictionary"/>
 /// </remarks>
-public class RgbPaletteEntry
+public readonly struct RgbPaletteEntry : IEquatable<RgbPaletteEntry>
 {
+    [JsonConstructor]
+    public RgbPaletteEntry(ushort r, ushort g, ushort b)
+    {
+        R = r;
+        G = g;
+        B = b;
+    }
+
     /// <summary>
     /// Gets or sets the red channel sample value.
     /// </summary>
-    [JsonPropertyName("r"), Required]
-    public ushort R { get; set; }
+    [JsonPropertyName("r")]
+    public ushort R { get; }
 
     /// <summary>
     /// Gets or sets the green channel sample value.
     /// </summary>
-    [JsonPropertyName("g"), Required]
-    public ushort G { get; set; }
+    [JsonPropertyName("g")]
+    public ushort G { get; }
 
     /// <summary>
     /// Gets or sets the blue channel sample value.
     /// </summary>
-    [JsonPropertyName("b"), Required]
-    public ushort B { get; set; }
+    [JsonPropertyName("b")]
+    public ushort B { get; }
+
+    public bool Equals(RgbPaletteEntry other)
+    {
+        return R == other.R
+            && G == other.G
+            && B == other.B;
+    }
+
+    public override bool Equals(object obj)
+    {
+        return obj is RgbPaletteEntry other && Equals(other);
+    }
+
+    public static bool operator ==(RgbPaletteEntry left, RgbPaletteEntry right)
+    {
+        return left.Equals(right);
+    }
+
+    public static bool operator !=(RgbPaletteEntry left, RgbPaletteEntry right)
+    {
+        return !left.Equals(right);
+    }
+
+    public override int GetHashCode()
+    {
+        return HashCode.Combine(R, G, B);
+    }
 }
diff --git a/Src/Fido2.Models/Metadata/UafVersion.cs b/Src/Fido2.Models/Metadata/UafVersion.cs
@@ -1,4 +1,5 @@
-﻿using System.Text.Json.Serialization;
+﻿using System;
+using System.Text.Json.Serialization;
 
 namespace Fido2NetLib;
 
@@ -8,16 +9,50 @@ namespace Fido2NetLib;
 /// <remarks>
 /// https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html#version-interface
 /// </remarks>
-public class UafVersion
+public readonly struct UafVersion : IEquatable<UafVersion>
 {
+    [JsonConstructor]
+    public UafVersion(ushort major, ushort minor)
+    {
+        Major = major;
+        Minor = minor;
+    }
+
     /// <summary>
     /// Major version
     /// </summary>
     [JsonPropertyName("major")]
-    public ushort Major { get; set; }
+    public ushort Major { get; }
+
     /// <summary>
     /// Minor version
     /// </summary>
     [JsonPropertyName("minor")]
-    public ushort Minor { get; set; }
+    public ushort Minor { get; }
+
+    public bool Equals(UafVersion other)
+    {
+        return Major == other.Major
+            && Minor == other.Minor;
+    }
+
+    public override bool Equals(object obj)
+    {
+        return obj is UafVersion other && Equals(other);
+    }
+
+    public override int GetHashCode()
+    {
+        return HashCode.Combine(Major, Minor);
+    }
+
+    public static bool operator ==(UafVersion left, UafVersion right)
+    {
+        return left.Equals(right);
+    }
+
+    public static bool operator !=(UafVersion left, UafVersion right)
+    {
+        return !left.Equals(right);
+    }
 }
diff --git a/Src/Fido2.Models/Objects/AuthenticationExtensionsDevicePublicKeyOutputs.cs b/Src/Fido2.Models/Objects/AuthenticationExtensionsDevicePublicKeyOutputs.cs
@@ -1,14 +1,23 @@
-﻿namespace Fido2NetLib.Objects;
+﻿#nullable enable
+
+namespace Fido2NetLib.Objects;
 
 using System.Text.Json.Serialization;
 
 public sealed class AuthenticationExtensionsDevicePublicKeyOutputs
 {
+    [JsonConstructor]
+    public AuthenticationExtensionsDevicePublicKeyOutputs(byte[] authenticatorOutput, byte[] signature)
+    {
+        AuthenticatorOutput = authenticatorOutput;
+        Signature = signature;
+    }
+
     [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("authenticatorOutput")]
-    public byte[] AuthenticatorOutput { get; set; }
+    public byte[] AuthenticatorOutput { get; }
 
     [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("signature")]
-    public byte[] Signature { get; set; }
+    public byte[] Signature { get; }
 }
diff --git a/Src/Fido2.Models/Objects/PublicKeyCredentialDescriptor.cs b/Src/Fido2.Models/Objects/PublicKeyCredentialDescriptor.cs
@@ -1,4 +1,7 @@
-﻿using System.Text.Json.Serialization;
+﻿#nullable enable
+
+using System;
+using System.Text.Json.Serialization;
 
 namespace Fido2NetLib.Objects;
 
@@ -7,37 +10,38 @@ namespace Fido2NetLib.Objects;
 /// Lazy implementation of https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialdescriptor
 /// todo: Should add validation of values as specified in spec
 /// </summary>
-public class PublicKeyCredentialDescriptor
+public sealed class PublicKeyCredentialDescriptor
 {
-    public PublicKeyCredentialDescriptor(byte[] credentialId)
-    {
-        Id = credentialId;
-    }
+    public PublicKeyCredentialDescriptor(byte[] id)
+        : this(PublicKeyCredentialType.PublicKey, id, null) { }
 
-    public PublicKeyCredentialDescriptor()
+    [JsonConstructor]
+    public PublicKeyCredentialDescriptor(PublicKeyCredentialType type, byte[] id, AuthenticatorTransport[]? transports = null)
     {
+        ArgumentNullException.ThrowIfNull(id);
 
+        Type = type;
+        Id = id;
+        Transports = transports;
     }
 
     /// <summary>
     /// This member contains the type of the public key credential the caller is referring to.
     /// </summary>
     [JsonPropertyName("type")]
-    public PublicKeyCredentialType? Type { get; set; } = PublicKeyCredentialType.PublicKey;
+    public PublicKeyCredentialType Type { get; }
 
     /// <summary>
     /// This member contains the credential ID of the public key credential the caller is referring to.
     /// </summary>
     [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("id")]
-    public byte[] Id { get; set; }
-
-#nullable enable
+    public byte[] Id { get; }
 
     /// <summary>
     /// This OPTIONAL member contains a hint as to how the client might communicate with the managing authenticator of the public key credential the caller is referring to.
     /// </summary>
     [JsonPropertyName("transports")]
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
-    public AuthenticatorTransport[]? Transports { get; set; }
+    public AuthenticatorTransport[]? Transports { get; }
 };
diff --git a/Src/Fido2.Models/UndesiredMetadataStatusFido2VerificationException.cs b/Src/Fido2.Models/UndesiredMetadataStatusFido2VerificationException.cs
@@ -7,14 +7,14 @@ namespace Fido2NetLib;
 /// Exception thrown when a new attestation comes from an authenticator with a current reported security issue.
 /// </summary>
 [Serializable]
-public class UndesiredMetdatataStatusFido2VerificationException : Fido2VerificationException
+public class UndesiredMetadataStatusFido2VerificationException : Fido2VerificationException
 {
-    public UndesiredMetdatataStatusFido2VerificationException(StatusReport statusReport) : base($"Authenticator found with undesirable status. Was {statusReport.Status}")
+    public UndesiredMetadataStatusFido2VerificationException(StatusReport statusReport) : base($"Authenticator found with undesirable status. Was {statusReport.Status}")
     {
         StatusReport = statusReport;
     }
 
-    protected UndesiredMetdatataStatusFido2VerificationException(SerializationInfo info, StreamingContext context) : base(info, context) { }
+    protected UndesiredMetadataStatusFido2VerificationException(SerializationInfo info, StreamingContext context) : base(info, context) { }
 
     /// <summary>
     /// Status report from the authenticator that caused the attestation to be rejected.
diff --git a/Src/Fido2/AuthenticatorAssertionResponse.cs b/Src/Fido2/AuthenticatorAssertionResponse.cs
@@ -50,7 +50,7 @@ public static AuthenticatorAssertionResponse Parse(AuthenticatorAssertionRawResp
     }
 
     /// <summary>
-    /// Implements alghoritm from https://www.w3.org/TR/webauthn/#verifying-assertion
+    /// Implements algorithm from https://www.w3.org/TR/webauthn/#verifying-assertion
     /// </summary>
     /// <param name="options">The assertionoptions that was sent to the client</param>
     /// <param name="fullyQualifiedExpectedOrigins">
diff --git a/Src/Fido2/AuthenticatorAttestationResponse.cs b/Src/Fido2/AuthenticatorAttestationResponse.cs
@@ -176,11 +176,11 @@ public async Task<AttestationVerificationSuccess> VerifyAsync(
         //     If ECDAA was used, verify that the identifier of the ECDAA-Issuer public key used is included in the set of acceptable trust anchors obtained in step 15.
         //     Otherwise, use the X.509 certificates returned by the verification procedure to verify that the attestation public key correctly chains up to an acceptable root certificate.
 
-        // Check status resports for authenticator with undesirable status
+        // Check status reports for authenticator with undesirable status
         var latestStatusReport = metadataEntry?.GetLatestStatusReport();
         if (latestStatusReport != null && config.UndesiredAuthenticatorMetadataStatuses.Contains(latestStatusReport.Status))
         {
-            throw new UndesiredMetdatataStatusFido2VerificationException(latestStatusReport);
+            throw new UndesiredMetadataStatusFido2VerificationException(latestStatusReport);
         }
 
         // 23. Verify that the credentialId is ≤ 1023 bytes.
@@ -274,7 +274,7 @@ byte[] hash
         var latestStatusReport = metadataEntry?.GetLatestStatusReport();
         if (latestStatusReport != null && _config.UndesiredAuthenticatorMetadataStatuses.Contains(latestStatusReport.Status))
         {
-            throw new UndesiredMetdatataStatusFido2VerificationException(latestStatusReport);
+            throw new UndesiredMetadataStatusFido2VerificationException(latestStatusReport);
         }
 
         return devicePublicKeyAuthenticatorOutput.GetBytes();
diff --git a/Src/Fido2/Objects/AttestedCredentialData.cs b/Src/Fido2/Objects/AttestedCredentialData.cs
@@ -123,21 +123,6 @@ public static Guid FromBigEndian(byte[] aaGuid)
         return new Guid(aaGuid);
     }
 
-    /// <summary>
-    /// AAGUID is sent as big endian byte array, this converter is for little endian systems.
-    /// </summary>
-    public static byte[] AaGuidToBigEndian(Guid aaGuid)
-    {
-        var aaguid = aaGuid.ToByteArray();
-
-        SwapBytes(aaguid, 0, 3);
-        SwapBytes(aaguid, 1, 2);
-        SwapBytes(aaguid, 4, 5);
-        SwapBytes(aaguid, 6, 7);
-
-        return aaguid;
-    }
-
     public override string ToString()
     {
         return $"AAGUID: {AaGuid}, CredentialID: {Convert.ToHexString(CredentialID)}, CredentialPublicKey: {CredentialPublicKey}";
@@ -154,16 +139,7 @@ public byte[] ToByteArray()
 
     public void WriteTo(IBufferWriter<byte> writer)
     {
-        // Write the aaguid as big endian bytes
-        if (BitConverter.IsLittleEndian)
-        {
-            writer.Write(AaGuidToBigEndian(AaGuid));
-        }
-        else
-        {
-            _ = AaGuid.TryWriteBytes(writer.GetSpan(16));
-            writer.Advance(16);
-        }
+        writer.WriteGuidBigEndian(AaGuid);
 
         // Write the length of credential ID, as big endian bytes of a 16-bit unsigned integer
         writer.WriteUInt16BigEndian((ushort)CredentialID.Length);
diff --git a/Src/Fido2/Objects/DevicePublicKeyAuthenticatorOutput.cs b/Src/Fido2/Objects/DevicePublicKeyAuthenticatorOutput.cs
@@ -2,8 +2,8 @@
 namespace Fido2NetLib.Objects;
 
 using System;
+
 using Fido2NetLib.Cbor;
-using NSec.Cryptography;
 
 
 public sealed class DevicePublicKeyAuthenticatorOutput
diff --git a/Test/AuthenticatorResponse.cs b/Test/AuthenticatorResponse.cs
diff --git a/Test/ExistingU2fRegistrationDataTests.cs b/Test/ExistingU2fRegistrationDataTests.cs
diff --git a/Test/Extensions/AsnHelper.cs b/Test/Extensions/AsnHelper.cs
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
diff --git a/Tests/Fido2.Ctap2.Tests/Commands/AuthenticatorGetAssertionCommandTests.cs b/Tests/Fido2.Ctap2.Tests/Commands/AuthenticatorGetAssertionCommandTests.cs

Original file line number	Diff line number	Diff line change
`@@ -7,22 +7,23 @@ internal sealed class CborHelper`
`7`	`7`	`{`
`8`	`8`	`public static PublicKeyCredentialDescriptor DecodePublicKeyCredentialDescriptor(CborMap map)`
`9`	`9`	`{`
`10`		`- var result = new PublicKeyCredentialDescriptor();`
	`10`	`+ byte[]? id = null;`
	`11`	`+ PublicKeyCredentialType type = default;`
`11`	`12`
`12`	`13`	`foreach (var (key, value) in map)`
`13`	`14`	`{`
`14`	`15`	`switch ((string)key)`
`15`	`16`	`{`
`16`	`17`	`case "id":`
`17`		`- result.Id = (byte[])value;`
	`18`	`+ id = (byte[])value;`
`18`	`19`	`break;`
`19`	`20`	`case "type" when (value is CborTextString { Value: "public-key" }):`
`20`		`- result.Type = PublicKeyCredentialType.PublicKey;`
	`21`	`+ type = PublicKeyCredentialType.PublicKey;`
`21`	`22`	`break;`
`22`	`23`	`}`
`23`	`24`	`}`
`24`	`25`
`25`		`- return result;`
	`26`	`+ return new PublicKeyCredentialDescriptor(type, id!, null);`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`public static PublicKeyCredentialUserEntity DecodePublicKeyCredentialUserEntity(CborMap map)`
Original file line number	Diff line number	Diff line change
`@@ -7,14 +7,14 @@ namespace Fido2NetLib;`
`7`	`7`	`/// Exception thrown when a new attestation comes from an authenticator with a current reported security issue.`
`8`	`8`	`/// </summary>`
`9`	`9`	`[Serializable]`
`10`		`-public class UndesiredMetdatataStatusFido2VerificationException : Fido2VerificationException`
	`10`	`+public class UndesiredMetadataStatusFido2VerificationException : Fido2VerificationException`
`11`	`11`	`{`
`12`		`- public UndesiredMetdatataStatusFido2VerificationException(StatusReport statusReport) : base($"Authenticator found with undesirable status. Was {statusReport.Status}")`
	`12`	`+ public UndesiredMetadataStatusFido2VerificationException(StatusReport statusReport) : base($"Authenticator found with undesirable status. Was {statusReport.Status}")`
`13`	`13`	`{`
`14`	`14`	`StatusReport = statusReport;`
`15`	`15`	`}`
`16`	`16`
`17`		`- protected UndesiredMetdatataStatusFido2VerificationException(SerializationInfo info, StreamingContext context) : base(info, context) { }`
	`17`	`+ protected UndesiredMetadataStatusFido2VerificationException(SerializationInfo info, StreamingContext context) : base(info, context) { }`
`18`	`18`
`19`	`19`	`/// <summary>`
`20`	`20`	`/// Status report from the authenticator that caused the attestation to be rejected.`
Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ public static AuthenticatorAssertionResponse Parse(AuthenticatorAssertionRawResp`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`/// <summary>`
`53`		`- /// Implements alghoritm from https://www.w3.org/TR/webauthn/#verifying-assertion`
	`53`	`+ /// Implements algorithm from https://www.w3.org/TR/webauthn/#verifying-assertion`
`54`	`54`	`/// </summary>`
`55`	`55`	`/// <param name="options">The assertionoptions that was sent to the client</param>`
`56`	`56`	`/// <param name="fullyQualifiedExpectedOrigins">`
Original file line number	Diff line number	Diff line change
`@@ -176,11 +176,11 @@ public async Task<AttestationVerificationSuccess> VerifyAsync(`
`176`	`176`	`// If ECDAA was used, verify that the identifier of the ECDAA-Issuer public key used is included in the set of acceptable trust anchors obtained in step 15.`
`177`	`177`	`// Otherwise, use the X.509 certificates returned by the verification procedure to verify that the attestation public key correctly chains up to an acceptable root certificate.`
`178`	`178`
`179`		`- // Check status resports for authenticator with undesirable status`
	`179`	`+ // Check status reports for authenticator with undesirable status`
`180`	`180`	`var latestStatusReport = metadataEntry?.GetLatestStatusReport();`
`181`	`181`	`if (latestStatusReport != null && config.UndesiredAuthenticatorMetadataStatuses.Contains(latestStatusReport.Status))`
`182`	`182`	`{`
`183`		`- throw new UndesiredMetdatataStatusFido2VerificationException(latestStatusReport);`
	`183`	`+ throw new UndesiredMetadataStatusFido2VerificationException(latestStatusReport);`
`184`	`184`	`}`
`185`	`185`
`186`	`186`	`// 23. Verify that the credentialId is ≤ 1023 bytes.`
`@@ -274,7 +274,7 @@ byte[] hash`
`274`	`274`	`var latestStatusReport = metadataEntry?.GetLatestStatusReport();`
`275`	`275`	`if (latestStatusReport != null && _config.UndesiredAuthenticatorMetadataStatuses.Contains(latestStatusReport.Status))`
`276`	`276`	`{`
`277`		`- throw new UndesiredMetdatataStatusFido2VerificationException(latestStatusReport);`
	`277`	`+ throw new UndesiredMetadataStatusFido2VerificationException(latestStatusReport);`
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`return devicePublicKeyAuthenticatorOutput.GetBytes();`