        public void KeyCredential_Generate_FromPublicKey()
        {
            // Builds a KeyCredential from a raw public key, a device id and a creation time, then pins the exact
            // serialized blob (ToByteArray) against a known-good hex string. The key bytes and the expected blob
            // are redacted in this copy of the file.
            byte[]   publicKey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exToBinary();
            // Same device id that KeyCredential_Parse_UserKey1 expects back from its sample blob.
            Guid     deviceId     = Guid.Parse("47f577e3-d2d0-4a0a-8aca-e0501098bde4");
            // DateTime.FromFileTime returns a *local-time* DateTime. The expected blob is only stable across
            // machines if KeyCredential converts back with ToFileTime() (which undoes the same local offset);
            // NOTE(review): confirm — if it used ToFileTimeUtc() this test would depend on the host time zone.
            DateTime creationTime = DateTime.FromFileTime(131734027581684545);
            string   expectedKeyCredentialBlob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

            // DummyDN is a fixture member defined elsewhere; presumably the DN of the object that owns the key.
            var keyCredential = new KeyCredential(publicKey, deviceId, DummyDN, creationTime);

            byte[] keyCredentialBlob = keyCredential.ToByteArray();
            // ToHex(true) renders upper-case hex (see the FIDO tests, which compare upper-case literals the same way).
            Assert.AreEqual(expectedKeyCredentialBlob, keyCredentialBlob.ToHex(true));
        }
        public void KeyCredential_Parse_UserKey4()
        {
            // Azure AD-sourced NGC user key (NGC is the Windows Hello key type, presumably). The sample blob is
            // redacted in this copy of the file, so the assertions below are the only record of its contents.
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.NGC, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            // CustomKeyInfo must be non-null for this to pass (it is null for blobs without that entry, see
            // KeyCredential_Parse_ComputerKey); here the entry is present with no flags set.
            Assert.AreEqual(KeyFlags.None, key.CustomKeyInfo.Flags);

            // Serialize: parse -> serialize must be byte-for-byte lossless. This proves fidelity only; it does not
            // check the blob's internal consistency (e.g. that Identifier matches a hash of the key material).
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKey3()
        {
            // Second Azure AD-sourced NGC user key with the same expectations as KeyCredential_Parse_UserKey4
            // (a different sample blob; redacted in this copy of the file).
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.NGC, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            // Requires a CustomKeyInformation entry to be present; its flag byte must be zero.
            Assert.AreEqual(KeyFlags.None, key.CustomKeyInfo.Flags);

            // Serialize: parse -> serialize must be byte-for-byte lossless (fidelity only, not a validity check
            // of the blob's identifier/hash entries against the key material).
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKey2()
        {
            // Azure AD-sourced NGC user key whose CustomKeyInformation carries the SupportsNotification field.
            // The sample blob is redacted in this copy of the file.
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.NGC, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            // SupportsNotification is a nullable bool (hence .Value); the sample must both carry the field and
            // have it set. A blob that omits the field would fail here with an InvalidOperationException.
            Assert.IsTrue(key.CustomKeyInfo.SupportsNotification.Value);

            // Serialize: parse -> serialize must be byte-for-byte lossless, including the optional
            // CustomKeyInformation fields exercised above.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKey1()
        {
            // On-prem AD-sourced NGC user key with a device id entry. The sample blob is redacted in this copy
            // of the file.
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.NGC, key.Usage);
            Assert.AreEqual(KeySource.AD, key.Source);
            // Identifier is the base64 form of the blob's key-id entry (44 chars => 32 raw bytes, i.e. a
            // SHA-256-sized value; presumably a hash of the key material, which this test does not verify).
            Assert.AreEqual("IHF64FL8z1RqrQ1R6Hiq1pzgT9w59ajY4866a8tNoOc=", key.Identifier);
            // Same device id that KeyCredential_Generate_FromPublicKey feeds in and that the DeviceKey sample carries.
            Assert.AreEqual("47f577e3-d2d0-4a0a-8aca-e0501098bde4", key.DeviceId.ToString());
            // Only presence of CustomKeyInformation is checked here, not its flags.
            Assert.IsNotNull(key.CustomKeyInfo);

            // Serialize: parse -> serialize must be byte-for-byte lossless.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
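        public void KeyCredential_Parse_DeviceKey()
        {
            // On-prem AD-sourced device key with usage STK (the device transport key, presumably).
            // The blob is fully visible, so the expectations below are pinned directly to its entries
            // (2-byte LE length, 1-byte type, value):
            //   00020000          version 0x00000200
            //   2000 01 73E6…3111 key id, 32 bytes -> Identifier is its base64 form
            //   2000 02 99DA…F3B3 key hash, 32 bytes (not validated by the parser as far as this test shows)
            //   1B01 03 'RSA1'…   key material: BCRYPT_RSAKEY_BLOB, BitLength 0x800, cbPublicExp 3, cbModulus 0x100
            //   0100 04 02        usage = STK
            //   0100 05 00        source = AD
            //   1000 06 …         device id GUID (mixed-endian on the wire)
            //   0200 07 0100      CustomKeyInformation: version 1, flags 0
            //   0800 08 / 09      two FILETIME entries
            byte[] blob = "0002000020000173E6BEB8A9B5B0828388476E7BFDD5F8E7A113EC0807EF25C0FBCF39CEB4311120000299DA9872C6EB63882C1200B3B2BECCF3C582418F9FC56905963ADA62E52DF3B31B0103525341310008000003000000000100000000000000000000010001B40D7085917A30D2F0D434FEF57477099FFFEBC79F28EB414BB75C86B4B5CAC0D9E6ACA86EB8126EDB724AF40FD773A7F14732A7ED862A0828A367194FB3D61EC6EA15CB450597F3BAA64E4974B255D0819E06B58B47C858C384B88E27D0EA52F962A592B115EEA3AA21A6A5185DD58F5D779118717FD07C8CAF50F5F078BFC3AED355BB2F78E8C48C4F6DA2BD679CDCD1C0ED8320F5BC9EC6545E4E7CD9AA7642E180E2A3AD20BCCCF3C30A34BEDF27835528BE955A7599D42869339218936E78FF6D46BEEE0097F2DECB2791F7842BB55BA639A44F659F547B5AA1E959370ACBC908248D05893D539F7E4E6BE834CCF0A3101879717585D015992B3C9407410100040201000500100006E377F547D0D20A4A8ACAE0501098BDE40200070100080008405E47D3C301D401080009405E47D3C301D401".HexToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.STK, key.Usage);
            Assert.AreEqual(KeySource.AD, key.Source);
            // base64 of the 32-byte key-id entry (73 E6 BE B8 … -> "c+a+uKm1…").
            Assert.AreEqual("c+a+uKm1sIKDiEdue/3V+OehE+wIB+8lwPvPOc60MRE=", key.Identifier);
            // Entry 06: E377F547-D0D2-0A4A-… byte-swapped into the usual GUID text form; same device as
            // KeyCredential_Parse_UserKey1 and KeyCredential_Generate_FromPublicKey.
            Assert.AreEqual("47f577e3-d2d0-4a0a-8aca-e0501098bde4", key.DeviceId.ToString());
            Assert.IsNotNull(key.CustomKeyInfo);
            // Entry 07 is "0100": version 1, flag byte 0.
            Assert.AreEqual(KeyFlags.None, key.CustomKeyInfo.Flags);
            Assert.IsNotNull(key.RSAPublicKey);
            // cbModulus in the RSA1 header is 0x100 -> a 2048-bit key (same check as KeyCredential_Parse_NonMFAKey).
            Assert.AreEqual(256, key.RSAPublicKey.Value.Modulus.Length);

            // Serialize: parse -> serialize must be byte-for-byte lossless. Fidelity only — nothing here checks
            // that the key-id/key-hash entries are consistent with the key material.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }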
        public void KeyCredential_Parse_ComputerKey()
        {
            // On-prem AD-sourced NGC key registered on a computer object. The sample blob is redacted in this
            // copy of the file.
            byte[] blob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exToBinary();

            // Parse
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var key = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.NGC, key.Usage);
            Assert.AreEqual(KeySource.AD, key.Source);
            // This blob carries no CustomKeyInformation entry, so the property is null rather than an empty
            // object — callers must not assume it is always populated (the user-key tests above dereference it).
            Assert.IsNull(key.CustomKeyInfo);
            Assert.IsNotNull(key.RSAPublicKey);

            // Serialize: parse -> serialize must be byte-for-byte lossless; in particular the absent
            // CustomKeyInformation entry must not be synthesised on output.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKeyFIDO3()
        {
            // Azure AD-sourced FIDO2 security-key registration (SoloKeys, per the stored display name).
            // The sample blob is redacted in this copy of the file; the assertions are the only record of it.
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.FIDO, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            Assert.AreEqual(KeyFlags.None, key.CustomKeyInfo.Flags);
            // For FIDO keys Identifier is the base64 form of the WebAuthn credential id (E5 4D 1C … -> "5U0c…"),
            // i.e. the same bytes as expectedCredentialId further down.
            Assert.AreEqual("5U0c+8dspqdGF45gHYszsTpOXyENG5f3YPXA5Mr/dhyvfzVsntSgkyG5aV8er5GCA/G1X2idph+8lhhMFX3aaAyBDwEAAA==", key.Identifier);
            Assert.IsInstanceOfType(key.KeyMaterial, typeof(KeyMaterialFido));
            var km = (KeyMaterialFido)key.KeyMaterial;

            // DisplayName is free text stored with the credential, not something the authenticator attests;
            // it must never drive a policy decision.
            Assert.AreEqual("SoloKeys Solo Tap USB", km.DisplayName);
            // Every FIDO sample in this file shares this rpIdHash; presumably SHA-256 of the relying-party id
            // (login.microsoft.com for Azure AD) — NOTE(review): confirm.
            var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };

            Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RpIdHash.ToHex(true));
            // Exact flag set: UP (user present), UV (user verified), AT (attested credential data present),
            // ED (extension data present). AreEqual on the enum means no extra bits are tolerated.
            Assert.AreEqual(Data.Fido.AuthenticatorFlags.UP | Data.Fido.AuthenticatorFlags.UV | Data.Fido.AuthenticatorFlags.AT | Data.Fido.AuthenticatorFlags.ED, km.AuthenticatorData.Flags);
            // Signature counter value recorded in the stored authenticator data.
            Assert.AreEqual((uint)0x10f, km.AuthenticatorData.SignCount);
            // AAGUID identifies the authenticator model (a SoloKeys AAGUID, going by the display name — not verified here).
            Assert.AreEqual(new Guid("8876631b-d4a0-427f-5773-0ec71c9e0279"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
            var expectedCredentialId = "E54D1CFBC76CA6A746178E601D8B33B13A4E5F210D1B97F760F5C0E4CAFF761CAF7F356C9ED4A09321B9695F1EAF918203F1B55F689DA61FBC96184C157DDA680C810F010000";

            Assert.AreEqual(expectedCredentialId, km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
            // ToString renders the COSE_Key in CBOR diagnostic notation: 1 (kty) = 2 EC2, 3 (alg) = -7 ES256,
            // -1 (crv) = 1 P-256, -2 / -3 = x / y coordinates.
            var strAcd         = km.AuthenticatorData.AttestedCredentialData.ToString();
            var expectedStrAcd = "AAGUID: 8876631b-d4a0-427f-5773-0ec71c9e0279, CredentialID: E54D1CFBC76CA6A746178E601D8B33B13A4E5F210D1B97F760F5C0E4CAFF761CAF7F356C9ED4A09321B9695F1EAF918203F1B55F689DA61FBC96184C157DDA680C810F010000, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'405DE7DB7E6D48C3AB4CF5363CF973A23D5ED0C21C87322C2223B0313E938F0C', -3: h'106479B76DC2C558AE44D0FB459524D36C76162B320CE96311E559A062597DF3'}";

            Assert.AreEqual(expectedStrAcd, strAcd);
            // Extension map stored at registration; this key advertised hmac-secret.
            var strExts         = km.AuthenticatorData.Extensions.ToString();
            var expectedStrExts = "Extensions: {\"hmac-secret\": true}";

            Assert.AreEqual(expectedStrExts, strExts);
            // The EC2 COSE key is also surfaced as a .NET ECParameters on P-256; X/Y must be the -2/-3 values above
            // (compared lower-case here because ToHex() without the flag renders lower-case).
            Assert.IsNull(key.RSAPublicKey);
            Assert.IsNotNull(key.ECPublicKey);
            Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
            Assert.AreEqual("405de7db7e6d48c3ab4cf5363cf973a23d5ed0c21c87322c2223b0313e938f0c", key.ECPublicKey.Value.Q.X.ToHex());
            Assert.AreEqual("106479b76dc2c558ae44d0fb459524d36c76162b320ce96311e559a062597df3", key.ECPublicKey.Value.Q.Y.ToHex());

            // Serialize: parse -> serialize must be byte-for-byte lossless, including the CBOR-encoded key material.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKeyFIDO2()
        {
            // Azure AD-sourced FIDO2 security-key registration (SoloKeys, per the stored display name); same
            // authenticator model as KeyCredential_Parse_UserKeyFIDO3 but a different credential. The sample
            // blob is redacted in this copy of the file.
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.FIDO, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            Assert.AreEqual(KeyFlags.None, key.CustomKeyInfo.Flags);
            // For FIDO keys Identifier is the base64 form of the WebAuthn credential id (same bytes as
            // expectedCredentialId below).
            Assert.AreEqual("4DQ35/k/ZgsKV/TTGpC4z+F1w4L4zT2heRy+0pTdVcTlbDVsntSgkyG5aV8er5GCA/G1X2idph+8lhhMFX3aaAyBCAEAAA==", key.Identifier);
            Assert.IsInstanceOfType(key.KeyMaterial, typeof(KeyMaterialFido));
            var km = (KeyMaterialFido)key.KeyMaterial;

            // DisplayName is free text stored with the credential, not attested by the authenticator.
            Assert.AreEqual("SoloKeys Solo", km.DisplayName);
            // Shared by every FIDO sample here; presumably SHA-256 of the relying-party id
            // (login.microsoft.com for Azure AD) — NOTE(review): confirm.
            var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };

            Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RpIdHash.ToHex(true));
            // Exact flag set: UP, UV, AT (attested credential data present), ED (extension data present).
            Assert.AreEqual(Data.Fido.AuthenticatorFlags.UP | Data.Fido.AuthenticatorFlags.UV | Data.Fido.AuthenticatorFlags.AT | Data.Fido.AuthenticatorFlags.ED, km.AuthenticatorData.Flags);
            // Signature counter value recorded in the stored authenticator data.
            Assert.AreEqual((uint)0x108, km.AuthenticatorData.SignCount);
            // Same AAGUID as the FIDO3 sample, i.e. the same authenticator model.
            Assert.AreEqual(new Guid("8876631b-d4a0-427f-5773-0ec71c9e0279"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
            var expectedCredentialId = "E03437E7F93F660B0A57F4D31A90B8CFE175C382F8CD3DA1791CBED294DD55C4E56C356C9ED4A09321B9695F1EAF918203F1B55F689DA61FBC96184C157DDA680C8108010000";

            Assert.AreEqual(expectedCredentialId, km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
            // COSE_Key in CBOR diagnostic notation: kty 2 (EC2), alg -7 (ES256), crv 1 (P-256), -2/-3 = x/y.
            var strAcd         = km.AuthenticatorData.AttestedCredentialData.ToString();
            var expectedStrAcd = "AAGUID: 8876631b-d4a0-427f-5773-0ec71c9e0279, CredentialID: E03437E7F93F660B0A57F4D31A90B8CFE175C382F8CD3DA1791CBED294DD55C4E56C356C9ED4A09321B9695F1EAF918203F1B55F689DA61FBC96184C157DDA680C8108010000, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'4A82E3391CA1CC45B7963DCE12CA933CFCEED56E4C2EEF54F56F85113D65243C', -3: h'DA3CAE1FDECDA63C3B4156286D5514C58B84E04E770BBB3F1BC20E50A105CCD0'}";

            Assert.AreEqual(expectedStrAcd, strAcd);
            // Extension map stored at registration; this key advertised hmac-secret.
            var strExts         = km.AuthenticatorData.Extensions.ToString();
            var expectedStrExts = "Extensions: {\"hmac-secret\": true}";

            Assert.AreEqual(expectedStrExts, strExts);
            // EC key must also be exposed as ECParameters on P-256 with X/Y equal to the COSE -2/-3 values
            // (lower-case because ToHex() without the flag renders lower-case).
            Assert.IsNull(key.RSAPublicKey);
            Assert.IsNotNull(key.ECPublicKey);
            Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
            Assert.AreEqual("4a82e3391ca1cc45b7963dce12ca933cfceed56e4c2eef54f56f85113d65243c", key.ECPublicKey.Value.Q.X.ToHex());
            Assert.AreEqual("da3cae1fdecda63c3b4156286d5514c58b84e04e770bbb3f1bc20e50a105ccd0", key.ECPublicKey.Value.Q.Y.ToHex());

            // Serialize: parse -> serialize must be byte-for-byte lossless.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKeyFIDO1()
        {
            // Azure AD-sourced FIDO2 security-key registration (YubiKey, per the stored display name) whose
            // CustomKeyInformation carries the Attestation flag. The hex literal is redacted in this copy of the file.
            byte[] blob = "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".HexToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.FIDO, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            // Attestation flag set — presumably records that the registration came with authenticator
            // attestation; the flag's exact meaning is not established by this file. NOTE(review): confirm.
            Assert.AreEqual(KeyFlags.Attestation, key.CustomKeyInfo.Flags);
            // 16-byte credential id -> 24-char base64 with "==" padding; same bytes as expectedCredentialId below.
            Assert.AreEqual("NKZy6iVabclmRWejUyXl2g==", key.Identifier);
            Assert.IsInstanceOfType(key.KeyMaterial, typeof(KeyMaterialFido));
            var km = (KeyMaterialFido)key.KeyMaterial;

            // DisplayName is free text stored with the credential, not attested by the authenticator.
            Assert.AreEqual("YubiKey FIDO2", km.DisplayName);
            // Shared by every FIDO sample here; presumably SHA-256 of the relying-party id
            // (login.microsoft.com for Azure AD) — NOTE(review): confirm.
            var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };

            Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RpIdHash.ToHex(true));
            // Exact flag set: UP, UV, AT (attested credential data present), ED (extension data present).
            Assert.AreEqual(Data.Fido.AuthenticatorFlags.UP | Data.Fido.AuthenticatorFlags.UV | Data.Fido.AuthenticatorFlags.AT | Data.Fido.AuthenticatorFlags.ED, km.AuthenticatorData.Flags);
            // Signature counter value recorded in the stored authenticator data.
            Assert.AreEqual((uint)0xc0, km.AuthenticatorData.SignCount);
            // AAGUID identifies the authenticator model (a YubiKey AAGUID, going by the display name — not verified here).
            Assert.AreEqual(new Guid("f8a011f3-8c0a-4d15-8006-17111f9edc7d"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
            var expectedCredentialId = new byte[] { 0x34, 0xa6, 0x72, 0xea, 0x25, 0x5a, 0x6d, 0xc9, 0x66, 0x45, 0x67, 0xa3, 0x53, 0x25, 0xe5, 0xda };

            Assert.AreEqual(expectedCredentialId.ToHex(true), km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
            // COSE_Key in CBOR diagnostic notation: kty 2 (EC2), alg -7 (ES256), crv 1 (P-256), -2/-3 = x/y.
            var strAcd         = km.AuthenticatorData.AttestedCredentialData.ToString();
            var expectedStrAcd = "AAGUID: f8a011f3-8c0a-4d15-8006-17111f9edc7d, CredentialID: 34A672EA255A6DC9664567A35325E5DA, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'A74A4DC3CCE38F19364ED643291992AEDA217DD4D8B02C10D48AAA1ED137DEAE', -3: h'0038620A5FD70E8EA0C2E170E13FD0155AEE8F16CEC21BA36D99CB6DD4B181A8'}";

            Assert.AreEqual(expectedStrAcd, strAcd);
            // Extension map stored at registration; this key advertised hmac-secret.
            var strExts         = km.AuthenticatorData.Extensions.ToString();
            var expectedStrExts = "Extensions: {\"hmac-secret\": true}";

            Assert.AreEqual(expectedStrExts, strExts);
            // EC key must also be exposed as ECParameters on P-256 with X/Y equal to the COSE -2/-3 values.
            // Note the Y coordinate starts with 0x00 — a parser that strips leading zeros would fail here.
            Assert.IsNull(key.RSAPublicKey);
            Assert.IsNotNull(key.ECPublicKey);
            Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
            Assert.AreEqual("a74a4dc3cce38f19364ed643291992aeda217dd4d8b02c10d48aaa1ed137deae", key.ECPublicKey.Value.Q.X.ToHex());
            Assert.AreEqual("0038620a5fd70e8ea0c2e170e13fd0155aee8f16cec21ba36d99cb6dd4b181a8", key.ECPublicKey.Value.Q.Y.ToHex());

            // Serialize: parse -> serialize must be byte-for-byte lossless.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
        public void KeyCredential_Parse_UserKeyFIDO0()
        {
            // Azure AD-sourced FIDO2 security-key registration (YubiKey 5, per the stored display name) with the
            // Attestation flag set. The sample blob is redacted in this copy of the file.
            byte[] blob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exToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.FIDO, key.Usage);
            Assert.AreEqual(KeySource.AzureAD, key.Source);
            // Attestation flag set — presumably records that the registration came with authenticator
            // attestation; NOTE(review): confirm against the CustomKeyInformation definition.
            Assert.AreEqual(KeyFlags.Attestation, key.CustomKeyInfo.Flags);
            // 16-byte credential id -> 24-char base64 with "==" padding; same bytes as expectedCredentialId below.
            Assert.AreEqual("WEe6PFT+3MT+pJ2VfR/4jQ==", key.Identifier);
            Assert.IsInstanceOfType(key.KeyMaterial, typeof(KeyMaterialFido));
            var km = (KeyMaterialFido)key.KeyMaterial;

            // DisplayName is free text stored with the credential, not attested by the authenticator.
            Assert.AreEqual("Yubikey 5", km.DisplayName);
            // Shared by every FIDO sample here; presumably SHA-256 of the relying-party id
            // (login.microsoft.com for Azure AD) — NOTE(review): confirm.
            var expectedRpIdHash = new byte[] { 0x35, 0x6c, 0x9e, 0xd4, 0xa0, 0x93, 0x21, 0xb9, 0x69, 0x5f, 0x1e, 0xaf, 0x91, 0x82, 0x03, 0xf1, 0xb5, 0x5f, 0x68, 0x9d, 0xa6, 0x1f, 0xbc, 0x96, 0x18, 0x4c, 0x15, 0x7d, 0xda, 0x68, 0x0c, 0x81 };

            Assert.AreEqual(expectedRpIdHash.ToHex(true), km.AuthenticatorData.RpIdHash.ToHex(true));
            // Exact flag set: UP, UV, AT (attested credential data present), ED (extension data present).
            Assert.AreEqual(Data.Fido.AuthenticatorFlags.UP | Data.Fido.AuthenticatorFlags.UV | Data.Fido.AuthenticatorFlags.AT | Data.Fido.AuthenticatorFlags.ED, km.AuthenticatorData.Flags);
            // Signature counter value recorded in the stored authenticator data.
            Assert.AreEqual((uint)0x32, km.AuthenticatorData.SignCount);
            // AAGUID identifies the authenticator model (a YubiKey AAGUID, going by the display name — not verified here).
            Assert.AreEqual(new Guid("fa2b99dc-9e39-4257-8f92-4a30d23c4118"), km.AuthenticatorData.AttestedCredentialData.AaGuid);
            var expectedCredentialId = new byte[] { 0x58, 0x47, 0xba, 0x3c, 0x54, 0xfe, 0xdc, 0xc4, 0xfe, 0xa4, 0x9d, 0x95, 0x7d, 0x1f, 0xf8, 0x8d };

            Assert.AreEqual(expectedCredentialId.ToHex(true), km.AuthenticatorData.AttestedCredentialData.CredentialID.ToHex(true));
            // COSE_Key in CBOR diagnostic notation: kty 2 (EC2), alg -7 (ES256), crv 1 (P-256), -2/-3 = x/y.
            var strAcd         = km.AuthenticatorData.AttestedCredentialData.ToString();
            var expectedStrAcd = "AAGUID: fa2b99dc-9e39-4257-8f92-4a30d23c4118, CredentialID: 5847BA3C54FEDCC4FEA49D957D1FF88D, CredentialPublicKey: {1: 2, 3: -7, -1: 1, -2: h'8475E0274D47D8AE61F331B4B9DFEFF8D816ACE3CBAE893DBFA3429B585FA2F9', -3: h'92BEF2CFCC4A1FC71D8C803FCE4F7CE09573D7CDC5852BA50B59770F653D176F'}";

            Assert.AreEqual(expectedStrAcd, strAcd);
            // Extension map stored at registration; this key advertised hmac-secret.
            var strExts         = km.AuthenticatorData.Extensions.ToString();
            var expectedStrExts = "Extensions: {\"hmac-secret\": true}";

            Assert.AreEqual(expectedStrExts, strExts);
            // EC key must also be exposed as ECParameters on P-256 with X/Y equal to the COSE -2/-3 values.
            Assert.IsNull(key.RSAPublicKey);
            Assert.IsNotNull(key.ECPublicKey);
            Assert.AreEqual("nistP256", key.ECPublicKey.Value.Curve.Oid.FriendlyName);
            Assert.AreEqual("8475e0274d47d8ae61f331b4b9dfeff8d816ace3cbae893dbfa3429b585fa2f9", key.ECPublicKey.Value.Q.X.ToHex());
            Assert.AreEqual("92bef2cfcc4a1fc71d8c803fce4f7ce09573d7cdc5852ba50b59770f653d176f", key.ECPublicKey.Value.Q.Y.ToHex());

            // Serialize: parse -> serialize must be byte-for-byte lossless.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }
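        public void KeyCredential_Parse_NonMFAKey()
        {
            // Dummy key incorrectly used by the official ADComputerKeys module to "delete" existing values from registered devices.
            // Because it is a fixed, publicly known key, seeing it on an object is an artefact of that module rather than
            // a real enrolment; the MFANotUsed flag in its CustomKeyInformation is what distinguishes it.
            // Blob layout (2-byte LE length, 1-byte type, value):
            //   00020000            version 0x00000200
            //   2000 01 0D76…E79E   key id, 32 bytes -> Identifier is its base64 form
            //   2000 02 F6B0…91C0   key hash, 32 bytes
            //   0E01 03 3082010A…   key material: DER RSAPublicKey (SEQUENCE { INTEGER n (256 bytes), INTEGER e = 0x010001 }),
            //                       i.e. a different encoding from the BCRYPT 'RSA1' blob in KeyCredential_Parse_DeviceKey —
            //                       the parser must accept both
            //   0100 04 01          usage = NGC
            //   0100 05 00          source = AD
            //   0200 07 0102        CustomKeyInformation: version 1, flags 0x02 (MFANotUsed)
            //   0800 08 / 09        two FILETIME entries
            byte[] blob = "000200002000010D76D33954251DA969022D0D3B009939E256A6C9B3FF657907C72063F89AE79E200002F6B00E6A9BA3066ABDE0E4B23EB82D5E42898263AD46CA84BE0CFD20E81F91C00E01033082010A0282010100D6589A6FE210490583C1DCD57E3579AB24979D9B1A7118E3553DEDCFFA5CF5ABD41CF6C19CBBE598CE6F9140541E8FF8A778BD5CAADD8D038A49785A4D9031C98E26783E824BA3CF00D86C112A9A5C65A5ACF2B077E365D947BD41A437E7034CC00A77550B2EA8CEC18C1F7516DA4DC13177E1DE1D32FBBDDE1E1FD7395AAB71A8F302B985A64248C3A239E6943AEAFA9A8B591AE499F31723F7DC8A22A6D197445056DA4DF9D13443DB4A6201D52D82795A2F2FFA2F75B6F2605E213609A39DF33F26E023D83D9C4BDDD4879E234407833BA38460CBC66D9D31CDF2C5B3A042F321DA7F2140ECC4A5A190306ED51FE0EA5273DD83D5338B2554ABD3738A06A50203010001010004010100050002000701020800086254F138261CD3010800096254F138261CD301".HexToBinary();
            // DummyDN is a fixture member defined elsewhere; presumably the DN of the owning object.
            var    key  = new KeyCredential(blob, DummyDN);

            Assert.AreEqual(KeyCredentialVersion.Version2, key.Version);
            Assert.AreEqual(KeyUsage.NGC, key.Usage);
            Assert.AreEqual(KeySource.AD, key.Source);
            // Flag byte is exactly 0x02; HasFlag is kept so the test stays valid if further flag bits are ever combined.
            Assert.IsTrue(key.CustomKeyInfo.Flags.HasFlag(KeyFlags.MFANotUsed));
            // base64 of the 32-byte key-id entry (0D 76 D3 39 … -> "DXbTOVQl…"); pinned like the other AD-sourced
            // samples so the well-known dummy key can be recognised by its identifier.
            Assert.AreEqual("DXbTOVQlHalpAi0NOwCZOeJWpsmz/2V5B8cgY/ia554=", key.Identifier);

            Assert.IsNotNull(key.RSAPublicKey);
            Assert.IsNotNull(key.RSAModulus);
            // DER INTEGER n is 257 bytes with a leading 0x00 sign byte; the parser must strip it and yield 256 bytes (2048-bit).
            Assert.AreEqual(256, key.RSAPublicKey.Value.Modulus.Length);

            // Serialize: parse -> serialize must be byte-for-byte lossless, i.e. the DER key material is emitted as-is
            // and not re-encoded as an 'RSA1' blob.
            byte[] serialized = key.ToByteArray();
            Assert.AreEqual(blob.Length, serialized.Length);
            CollectionAssert.AreEqual(blob, serialized);
        }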