public FidoDeviceRegistration FinishRegistration(FidoStartedRegistration startedRegistration,
FidoRegisterResponse registerResponse, IEnumerable<FidoFacetId> trustedFacetIds)
{
if (startedRegistration == null) throw new ArgumentNullException("startedRegistration");
if (registerResponse == null) throw new ArgumentNullException("registerResponse");
if (trustedFacetIds == null) throw new ArgumentNullException("trustedFacetIds");
registerResponse.Validate();
var clientData = registerResponse.ClientData;
ExpectClientDataType(clientData, RegisterType);
if (clientData.Challenge != startedRegistration.Challenge)
throw new InvalidOperationException("Incorrect challenge signed in client data");
ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));
var registrationData = registerResponse.RegistrationData;
VerifyResponseSignature(startedRegistration.AppId, registrationData, clientData);
return new FidoDeviceRegistration(registrationData.KeyHandle, registrationData.UserPublicKey,
registrationData.AttestationCertificate, 0);
}