feat: add static class for Fido2 extensions in Extensions.cs

Author: DennisDyallo

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/AuthenticatorData.cs

@@ -227,7 +227,7 @@ public AuthenticatorData(ReadOnlyMemory<byte> encodedData)
         /// </returns>
         public byte[] GetCredBlobExtension()
         {
-            if (!TryGetExtensionData(Fido2ExtensionKeys.CredBlob, out var encodedData))
+            if (!TryGetExtensionData(Fido2.Extensions.CredBlob, out var encodedData))
             {
                 return Array.Empty<byte>();
             }
@@ -250,7 +250,7 @@ public byte[] GetCredBlobExtension()
         /// </returns>
         public bool GetThirdPartyPaymentExtension()
         {
-            if (!TryGetExtensionData(Fido2ExtensionKeys.ThirdPartyPayment, out var encodedData))
+            if (!TryGetExtensionData(Fido2.Extensions.ThirdPartyPayment, out var encodedData))
             {
                 return false;
             }
@@ -276,7 +276,7 @@ public bool GetThirdPartyPaymentExtension()
         /// </returns>
         public int? GetMinPinLengthExtension()
         {
-            if (!TryGetExtensionData(Fido2ExtensionKeys.MinPinLength, out var encodedData))
+            if (!TryGetExtensionData(Fido2.Extensions.MinPinLength, out var encodedData))
             {
                 return null;
             }
@@ -339,13 +339,13 @@ public byte[] GetHmacSecretExtension(PinUvAuthProtocolBase authProtocol)
         {
             Guard.IsNotNull(authProtocol, nameof(authProtocol));
 
-            if (!TryGetExtensionData(Fido2ExtensionKeys.HmacSecret, out var encodedData))
+            if (!TryGetExtensionData(Fido2.Extensions.HmacSecret, out var encodedData))
             {
                 return Array.Empty<byte>();
             }
 
             bool hasHmacMcSecret = encodedData.Span[0] == CborHelpers.True;
-            if (hasHmacMcSecret && !TryGetExtensionData(Fido2ExtensionKeys.HmacSecretMc, out encodedData))
+            if (hasHmacMcSecret && !TryGetExtensionData(Fido2.Extensions.HmacSecretMc, out encodedData))
             {
                 return Array.Empty<byte>();
             }
@@ -374,7 +374,7 @@ public byte[] GetHmacSecretExtension(PinUvAuthProtocolBase authProtocol)
         /// </exception>
         public CredProtectPolicy GetCredProtectExtension()
         {
-            if (!TryGetExtensionData(Fido2ExtensionKeys.CredProtect, out var encodedValue))
+            if (!TryGetExtensionData(Fido2.Extensions.CredProtect, out var encodedValue))
             {
                 return CredProtectPolicy.None;
             }

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/Extensions.cs

@@ -0,0 +1,42 @@
+namespace Yubico.YubiKey.Fido2;
+
+/// <summary>
+/// Contains constant strings for FIDO2 extension identifiers.
+/// </summary>
+public static class Extensions
+{
+    /// <summary>
+    /// The credential protection extension identifier.
+    /// </summary>
+    public const string CredProtect = "credProtect";
+
+    /// <summary>
+    /// The credential blob extension identifier.
+    /// </summary>
+    public const string CredBlob = "credBlob";
+
+    /// <summary>
+    /// The large blob key extension identifier.
+    /// </summary>
+    public const string LargeBlobKey = "largeBlobKey";
+
+    /// <summary>
+    /// The minimum PIN length extension identifier.
+    /// </summary>
+    public const string MinPinLength = "minPinLength";
+
+    /// <summary>
+    /// The HMAC secret extension identifier.
+    /// </summary>
+    public const string HmacSecret = "hmac-secret";
+
+    /// <summary>
+    /// The HMAC secret multi-credential extension identifier.
+    /// </summary>
+    public const string HmacSecretMc = "hmac-secret-mc";
+
+    /// <summary>
+    /// The third party payment extension identifier.
+    /// </summary>
+    public const string ThirdPartyPayment = "thirdPartyPayment";
+}

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/Fido2ExtensionKeys.cs

@@ -14,10 +14,8 @@
 
 using System;
 using System.Collections.Generic;
-using CommunityToolkit.Diagnostics;
 using Yubico.YubiKey.Fido2.Cbor;
 using Yubico.YubiKey.Fido2.PinProtocols;
-using Yubico.YubiKey.Utilities;
 
 namespace Yubico.YubiKey.Fido2
 {
@@ -86,7 +84,7 @@ public class GetAssertionParameters : AuthenticatorOperationParameters<GetAssert
         /// </summary>
         /// <remarks>
         /// If you are getting assertions using
-        /// <see cref="Fido2Session.GetAssertions"/>, you do NOT need to set this
+        /// <see cref="Fido2Session.GetAssertions"/>, you do not need to set this
         /// property, the SDK will take care of it. But if you are getting
         /// assertions using the <see cref="Commands.GetAssertionCommand"/>, then
         /// you must set this property.
@@ -191,7 +189,7 @@ public void AllowCredential(CredentialId credentialId) => _allowList =
         /// </para>
         /// </remarks>
         public void RequestCredBlobExtension() =>
-            AddExtension(Fido2ExtensionKeys.CredBlob, true);
+            AddExtension(Fido2.Extensions.CredBlob, true);
 
         /// <summary>
         /// Requests the third-party payment status of a credential during an assertion.
@@ -201,7 +199,7 @@ public void RequestCredBlobExtension() =>
         /// will return `true` for this extension in the assertion response. Otherwise, it will return `false`.
         /// </remarks>
         public void RequestThirdPartyPayment() =>
-            AddExtension(Fido2ExtensionKeys.ThirdPartyPayment, true);
+            AddExtension(Fido2.Extensions.ThirdPartyPayment, true);
 
         /// <summary>
         /// Specify that the YubiKey should return the "hmac-secret" with the
@@ -393,7 +391,7 @@ public void EncodeHmacSecretExtension(PinUvAuthProtocolBase authProtocol)
             }
 
             _hmacSecretEncoding = HmacSecretExtension.Encode(authProtocol, _salt1.Value, _salt2);
-            AddExtension(Fido2ExtensionKeys.HmacSecret, _hmacSecretEncoding);
+            AddExtension(Fido2.Extensions.HmacSecret, _hmacSecretEncoding);
         }
 
         /// <inheritdoc/>

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/GetAssertionParameters.cs

@@ -16,12 +16,10 @@
 using System.Collections.Generic;
 using System.Formats.Cbor;
 using System.Globalization;
-using System.Linq;
 using CommunityToolkit.Diagnostics;
 using Yubico.YubiKey.Fido2.Cbor;
 using Yubico.YubiKey.Fido2.Cose;
 using Yubico.YubiKey.Fido2.PinProtocols;
-using Yubico.YubiKey.Utilities;
 
 namespace Yubico.YubiKey.Fido2
 {
@@ -302,7 +300,7 @@ public void ExcludeCredential(CredentialId credentialId) =>
         /// as defined by standards like W3C's Secure Payment Confirmation.
         /// </remarks>
         public void AddThirdPartyPaymentExtension() =>
-            AddExtension(Fido2ExtensionKeys.ThirdPartyPayment, true);
+            AddExtension(Fido2.Extensions.ThirdPartyPayment, true);
 
         /// <summary>
         /// Specify that the YubiKey should return the minimum PIN length with
@@ -347,12 +345,12 @@ public void AddThirdPartyPaymentExtension() =>
         public void AddMinPinLengthExtension(AuthenticatorInfo authenticatorInfo)
         {
             Guard.IsNotNull(authenticatorInfo);
-            if (!authenticatorInfo.IsExtensionSupported(Fido2ExtensionKeys.MinPinLength))
+            if (!authenticatorInfo.IsExtensionSupported(Fido2.Extensions.MinPinLength))
             {
                 throw new NotSupportedException(ExceptionMessages.NotSupportedByYubiKeyVersion);
             }
 
-            AddExtension(Fido2ExtensionKeys.MinPinLength, true);
+            AddExtension(Fido2.Extensions.MinPinLength, true);
         }
 
         /// <summary>
@@ -414,7 +412,7 @@ public void AddCredBlobExtension(byte[] credBlobValue, AuthenticatorInfo authent
             Guard.IsNotNull(authenticatorInfo, nameof(authenticatorInfo));
             Guard.IsNotNull(credBlobValue, nameof(credBlobValue));
 
-            if (!authenticatorInfo.IsExtensionSupported(Fido2ExtensionKeys.CredBlob))
+            if (!authenticatorInfo.IsExtensionSupported(Fido2.Extensions.CredBlob))
             {
                 throw new NotSupportedException(ExceptionMessages.NotSupportedByYubiKeyVersion);
             }
@@ -429,7 +427,7 @@ public void AddCredBlobExtension(byte[] credBlobValue, AuthenticatorInfo authent
             }
 
             var credBlob = new CredBlob(credBlobValue);
-            AddExtension(Fido2ExtensionKeys.CredBlob, credBlob);
+            AddExtension(Fido2.Extensions.CredBlob, credBlob);
         }
 
         /// <summary>
@@ -478,12 +476,12 @@ public void AddCredBlobExtension(byte[] credBlobValue, AuthenticatorInfo authent
         public void AddHmacSecretExtension(AuthenticatorInfo authenticatorInfo)
         {
             Guard.IsNotNull(authenticatorInfo, nameof(authenticatorInfo));
-            if (!authenticatorInfo.IsExtensionSupported(Fido2ExtensionKeys.HmacSecret))
+            if (!authenticatorInfo.IsExtensionSupported(Fido2.Extensions.HmacSecret))
             {
                 throw new NotSupportedException(ExceptionMessages.NotSupportedByYubiKeyVersion);
             }
 
-            AddExtension(Fido2ExtensionKeys.HmacSecret, true);
+            AddExtension(Fido2.Extensions.HmacSecret, true);
         }
 
         /// <summary>
@@ -535,7 +533,7 @@ public void AddHmacSecretMcExtension(
         {
             Guard.IsNotNull(authenticatorInfo, nameof(authenticatorInfo));
 
-            if (!authenticatorInfo.IsExtensionSupported(Fido2ExtensionKeys.HmacSecretMc))
+            if (!authenticatorInfo.IsExtensionSupported(Fido2.Extensions.HmacSecretMc))
             {
                 throw new NotSupportedException(ExceptionMessages.NotSupportedByYubiKeyVersion);
             }
@@ -597,8 +595,8 @@ public void EncodeHmacSecretExtension(PinUvAuthProtocolBase authProtocol)
 
             _hmacSecretEncoding = HmacSecretExtension.Encode(authProtocol, _salt1.Value, _salt2);
 
-            AddExtension(Fido2ExtensionKeys.HmacSecret, true);
-            AddExtension(Fido2ExtensionKeys.HmacSecretMc, _hmacSecretEncoding);
+            AddExtension(Fido2.Extensions.HmacSecret, true);
+            AddExtension(Fido2.Extensions.HmacSecretMc, _hmacSecretEncoding);
         }
 
         /// <summary>
@@ -706,7 +704,7 @@ public void AddCredProtectExtension(
             }
 
             Guard.IsNotNull(authenticatorInfo, nameof(authenticatorInfo));
-            if (!authenticatorInfo.IsExtensionSupported(Fido2ExtensionKeys.CredProtect))
+            if (!authenticatorInfo.IsExtensionSupported(Fido2.Extensions.CredProtect))
             {
                 if (enforceCredProtectPolicy && credProtectPolicy != CredProtectPolicy.UserVerificationOptional)
                 {
@@ -719,7 +717,7 @@ public void AddCredProtectExtension(
             // The encoding is key/value where the key is "credProtect" and the
             // value is an unsigned int (major type 0). The only three possible
             // values are 1, 2, or 3, so the encoding is simply 0x01, 02,or 03.
-            AddExtension(Fido2ExtensionKeys.CredProtect, (byte)credProtectPolicy);
+            AddExtension(Fido2.Extensions.CredProtect, (byte)credProtectPolicy);
         }
 
         /// <inheritdoc cref="AddCredProtectExtension(CredProtectPolicy,bool,AuthenticatorInfo)"/>

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/MakeCredentialParameters.cs

@@ -61,7 +61,7 @@ public void SetLargeBlob_Succeeds()
                 {
                     ClientDataHash = _clientDataHash
                 };
-                mcParams1.AddExtension("largeBlobKey", new byte[] { 0xF5 });
+                mcParams1.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 });
                 mcParams1.AddOption(AuthenticatorOptions.rk, true);
 
                 fido2Session.AddPermissions(PinUvAuthTokenPermissions.AuthenticatorConfiguration);