tests: improved PivSession tests

remove unnecessary test on size of certs
reduced test logic
remove unused class
add default pin and puk to base class

Author: DennisDyallo

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/AttestTests.cs

@@ -32,8 +32,6 @@ public void Attest_EmptySlot_ThrowsException(
         {
             TestDeviceType = deviceType;
 
-            LoadAttestationPair(KeyType.ECP256, true);
-            
             _ = Assert.Throws<InvalidOperationException>(() =>
                 Session.CreateAttestationStatement(PivSlot.Authentication));
         }
@@ -44,15 +42,13 @@ public void Attest_Imported_ThrowsException(
             StandardTestDevice deviceType)
         {
             TestDeviceType = deviceType;
+            var privateKey = TestKeys.GetTestPrivateKey(KeyType.ECP384).AsPrivateKey();
 
-            LoadAttestationPair(KeyType.ECP384, true);
-            PivSupport.ResetPiv(Session);
-
-            var isValid = PivSupport.ImportKey(Session, PivSlot.Authentication);
-            Assert.True(isValid);
+            Session.ImportPrivateKey(PivSlot.Retired1, privateKey);
 
+            // Cannot attest to an imported key.
             _ = Assert.Throws<InvalidOperationException>(() =>
-                Session.CreateAttestationStatement(PivSlot.Authentication));
+                Session.CreateAttestationStatement(PivSlot.Retired1));
         }
 
         [Theory]
@@ -66,30 +62,20 @@ public void AttestGenerated(
             StandardTestDevice deviceType)
         {
             TestDeviceType = deviceType;
-            byte[] slotNumbers =
-            {
-                0x9A, 0x9C, 0x9D, 0x9E,
-                0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F,
-                0x90, 0x91, 0x92, 0x93, 0x94, 0x95
-            };
 
-            LoadAttestationPair(keyType, true);
+            const byte slotNumber = PivSlot.Retired1;
+            _ = Session.GenerateKeyPair(
+                slotNumber, keyType, PivPinPolicy.Never, PivTouchPolicy.Never);
 
-            foreach (var slotNumber in slotNumbers)
+            X509Certificate2? cert = null;
+            try
             {
-                _ = Session.GenerateKeyPair(
-                    slotNumber, KeyType.ECP256, PivPinPolicy.Never, PivTouchPolicy.Never);
-
-                X509Certificate2? cert = null;
-                try
-                {
-                    cert = Session.CreateAttestationStatement(slotNumber);
-                    Assert.NotEqual(1, cert.Version);
-                }
-                finally
-                {
-                    cert?.Dispose();
-                }
+                cert = Session.CreateAttestationStatement(slotNumber);
+                Assert.NotEqual(1, cert.Version);
+            }
+            finally
+            {
+                cert?.Dispose();
             }
         }
 
@@ -135,16 +121,18 @@ public void GetAttestationCert_ReturnsCert(
         [InlineData(BadAttestationPairs.KeyEccP256CertVersion1, StandardTestDevice.Fw5)]
         [InlineData(BadAttestationPairs.KeyEccP384CertVersion1, StandardTestDevice.Fw5)]
         [InlineData(BadAttestationPairs.KeyRsa2048CertBigName, StandardTestDevice.Fw5)]
-        public void UseBadAttestPair_CreateStatement_ThrowsInvalidOp(int whichPair, StandardTestDevice deviceType)
+        public void UseBadAttestPair_CreateStatement_ThrowsInvalidOp(
+            int whichPair,
+            StandardTestDevice deviceType)
         {
             TestDeviceType = deviceType;
             BadAttestationPairs.GetPair(whichPair, out var privateKeyPem, out var certPem);
-        
+
             var certObj = X509CertificateLoader.LoadCertificate(PemHelper.GetBytesFromPem(certPem));
             var privateKey = AsnPrivateKeyDecoder.CreatePrivateKey(PemHelper.GetBytesFromPem(privateKeyPem));
             var isValid = LoadAttestationPairCommands(privateKey, certObj);
             Assert.True(isValid);
-        
+
             isValid = AttestationShouldFail(BadAttestationPairs.KeyRsa1024CertValid);
             Assert.True(isValid);
         }
@@ -216,7 +204,7 @@ private void LoadAttestationPair(
             var testCert = TestKeys.GetTestCertificate(keyType, isValidCert);
             var testPrivKey = TestKeys.GetTestPrivateKey(keyType);
             var privateKey = testPrivKey.AsPrivateKey();
-            
+
             Session.ReplaceAttestationKeyAndCertificate(privateKey, testCert.AsX509Certificate2());
         }
     }

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/CertSizeTests.cs

@@ -22,13 +22,10 @@ namespace Yubico.YubiKey.Piv;
 
 public class PivSessionIntegrationTestBase : IDisposable
 {
-    private bool _disposed;
-    private PivSession? _session;
-
-    protected ReadOnlyMemory<byte> DefaultPin = "123456"u8.ToArray();
-    protected ReadOnlyMemory<byte> DefaultPuk = "12345678"u8.ToArray();
+    public static readonly ReadOnlyMemory<byte> DefaultPin = "123456"u8.ToArray();
+    public static readonly ReadOnlyMemory<byte> DefaultPuk = "12345678"u8.ToArray();
 
-    protected readonly ReadOnlyMemory<byte> DefaultManagementKey = new byte[] // Both Aes and TDes
+    public static readonly ReadOnlyMemory<byte> DefaultManagementKey = new byte[] // Both Aes and TDes
     {
         0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
         0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
@@ -42,6 +39,9 @@ public class PivSessionIntegrationTestBase : IDisposable
     protected PivSession Session => _session ??= GetSession(true);
     protected IYubiKeyDevice Device => IntegrationTestDeviceEnumeration.GetTestDevice(TestDeviceType);
 
+    private bool _disposed;
+    private PivSession? _session;
+
     protected PivSessionIntegrationTestBase()
     {
         using var session = GetSessionInternal(Device, false);

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/PivSessionIntegrationTestBase.cs

@@ -142,7 +142,7 @@ public void ResetPin()
             SetKeyFlag(0);
             var isChanged = Session.TryResetPin();
             Assert.True(isChanged);
-
+            
             isChanged = Session.TryChangePuk();
             Assert.True(isChanged);
 
@@ -238,11 +238,11 @@ private void TryGenerate(
             byte slotNumber,
             ResponseStatus expectedStatus,
             PivSession? session = null
-            )
+        )
         {
             var genPairCommand = new GenerateKeyPairCommand(
                 slotNumber, KeyType.ECP256, PivPinPolicy.Always, PivTouchPolicy.Never);
-            
+
             var sessionToUse = session ?? Session;
             var genPairResponse = sessionToUse.Connection.SendCommand(genPairCommand);
             var success = genPairResponse.Status == expectedStatus;