tests: add TestKeyExtensions for converting keys to PIV formats and update key retrieval methods

Author: DennisDyallo

Yubico.YubiKey/tests/unit/Yubico/YubiKey/TestUtilities/TestKeysTests.cs

@@ -9,7 +9,7 @@ public class TestKeysTests
         [Fact]
         public void TestKey_LoadRSA_CanReadPublicKey()
         {
-            var key = TestKeys.GetKey("rsa4096", false);
+            var key = TestKeys.GetPublicKey("rsa4096");
 
             var rsaKey = key.AsRSA();
             Assert.NotNull(rsaKey);
@@ -19,7 +19,7 @@ public void TestKey_LoadRSA_CanReadPublicKey()
         [Fact]
         public void TestKey_LoadRSA_CanReadPrivateKey()
         {
-            var key = TestKeys.GetKey("rsa4096", true);
+            var key = TestKeys.GetPrivateKey("rsa4096");
 
             var rsaKey = key.AsRSA();
             Assert.NotNull(rsaKey);
@@ -29,7 +29,7 @@ public void TestKey_LoadRSA_CanReadPrivateKey()
         [Fact]
         public void TestKey_LoadECDsa_CanReadPublicKey()
         {
-            var key = TestKeys.GetKey("p384", false);
+            var key = TestKeys.GetPublicKey("p384");
 
             var ecKey = key.AsECDsa();
             Assert.NotNull(ecKey);
@@ -38,23 +38,23 @@ public void TestKey_LoadECDsa_CanReadPublicKey()
         [Fact]
         public void TestKey_LoadECDsa_ThrowsOnRSAKey()
         {
-            var key = TestKeys.GetKey("rsa4096", false);
+            var key = TestKeys.GetPublicKey("rsa4096");
 
             Assert.Throws<InvalidOperationException>(() => key.AsECDsa());
         }
 
         [Fact]
         public void TestKey_LoadRSA_ThrowsOnECKey()
         {
-            var key = TestKeys.GetKey("p384", false);
+            var key = TestKeys.GetPublicKey("p384");
 
             Assert.Throws<InvalidOperationException>(() => key.AsRSA());
         }
 
         [Fact]
         public void TestKey_AsBase64_StripsHeaders()
         {
-            var key = TestKeys.GetKey("rsa4096", false);
+            var key = TestKeys.GetPublicKey("rsa4096");
 
             string base64 = key.AsBase64();
             Assert.DoesNotContain("-----BEGIN", base64);
@@ -65,9 +65,9 @@ public void TestKey_AsBase64_StripsHeaders()
         [Fact]
         public void TestKey_AsPemBase64_PreservesFormat()
         {
-            var key = TestKeys.GetKey("rsa4096", false);
+            var key = TestKeys.GetPublicKey("rsa4096");
 
-            string pem = key.AsPem();
+            string pem = key.AsPemString();
             Assert.Contains("-----BEGIN PUBLIC KEY-----", pem);
             Assert.Contains("-----END PUBLIC KEY-----", pem);
         }
@@ -94,7 +94,7 @@ public void TestCertificate_Load_CanReadAttestationCertificate()
         [Fact]
         public void TestKey_Load_ThrowsOnMissingFile()
         {
-            Assert.Throws<FileNotFoundException>(() => TestKeys.GetKey("invalid", false));
+            Assert.Throws<FileNotFoundException>(() => TestKeys.GetPublicKey("invalid"));
         }
 
         [Fact]

Yubico.YubiKey/tests/utilities/Yubico/YubiKey/TestUtilities/SampleKeyPairs.cs

@@ -35,7 +35,7 @@ public static bool GetMatchingKeyAndCert(
             }
 
             cert = TestKeys.GetCertificate(curve).AsX509Certificate2();
-            privateKey = TestKeys.GetKey(curve, true).AsPrivateKey();
+            privateKey = TestKeys.GetPrivateKey(curve).AsPrivateKey();
             return true;
         }
 
@@ -56,30 +56,30 @@ public static bool GetKeysAndCertPem(
             }
 
             var testCert = TestKeys.GetCertificate(curve, validAttest);
-            var testPrivKey = TestKeys.GetKey(curve, true);
-            var testPubKey = TestKeys.GetKey(curve, false);
+            var testPrivKey = TestKeys.GetPrivateKey(curve);
+            var testPubKey = TestKeys.GetPublicKey(curve);
 
-            cert = testCert.AsPem();
-            privateKey = testPrivKey.AsPem();
-            publicKey = testPubKey.AsPem();
+            cert = testCert.AsPemString();
+            privateKey = testPrivKey.AsPemString();
+            publicKey = testPubKey.AsPemString();
             return true;
         }
 
         public static PivPublicKey GetPivPublicKey(PivAlgorithm algorithm)
         {
-            string curve = GetCurveFromAlgorithm(algorithm);
-            return TestKeys.GetKey(curve, false).AsPublicKey();
+            var curve = GetCurveFromAlgorithm(algorithm);
+            return TestKeys.GetPublicKey(curve).AsPublicKey();
         }
 
         public static PivPrivateKey GetPivPrivateKey(PivAlgorithm algorithm) 
         {
-            string curve = GetCurveFromAlgorithm(algorithm);
-            return TestKeys.GetKey(curve, true).AsPrivateKey();
+            var curve = GetCurveFromAlgorithm(algorithm);
+            return TestKeys.GetPrivateKey(curve).AsPrivateKey();
         }
 
         public static X509Certificate2 GetCert(PivAlgorithm algorithm)
         {
-            string curve = GetCurveFromAlgorithm(algorithm);
+            var curve = GetCurveFromAlgorithm(algorithm);
             return TestKeys.GetCertificate(curve).AsX509Certificate2();
         }
 

Yubico.YubiKey/tests/utilities/Yubico/YubiKey/TestUtilities/TestKeyExtensions.cs

@@ -0,0 +1,27 @@
+using Yubico.YubiKey.Piv;
+
+namespace Yubico.YubiKey.TestUtilities
+{
+    public static class TestKeyExtensions
+    {
+        /// <summary>
+        /// Converts the key to a PIV private key format.
+        /// </summary>
+        /// <returns>PivPrivateKey instance</returns>
+        public static PivPrivateKey AsPrivateKey(this TestKey key)
+        {
+            return new KeyConverter(key.AsPemString()).GetPivPrivateKey();
+        }
+
+        /// <summary>
+        /// Converts the key to a PIV public key format.
+        /// </summary>
+        /// <returns>PivPublicKey instance</returns>
+        public static PivPublicKey AsPublicKey(this TestKey key)
+
+        {
+            return new KeyConverter(key.AsPemString()).GetPivPublicKey();
+        }
+    }
+}
+

Yubico.YubiKey/tests/utilities/Yubico/YubiKey/TestUtilities/TestKeys.cs

@@ -17,15 +17,35 @@ public abstract class TestCrypto
         protected readonly byte[] _bytes;
         protected readonly string _pemStringFull;
 
+        /// <summary>
+        /// Initializes a new instance of TestCrypto with PEM-encoded data from a file.
+        /// </summary>
+        /// <param name="filePath">Path to the PEM file containing cryptographic data.</param>
         protected TestCrypto(string filePath)
         {
-            var pemString = File.ReadAllText(filePath);
-            _pemStringFull = pemString.Replace("\n", "").Trim();
+            _pemStringFull = File
+                .ReadAllText(filePath)
+                .Replace("\n", "")
+                .Trim();
             _bytes = GetBytesFromPem(_pemStringFull);
         }
 
+        /// <summary>
+        /// Returns the raw byte representation of the cryptographic data.
+        /// </summary>
+        /// <returns>Byte array containing the decoded cryptographic data.</returns>
         public byte[] AsRawBytes() => _bytes;
-        public string AsPem() => _pemStringFull;
+
+        /// <summary>
+        /// Returns the complete PEM-encoded string representation.
+        /// </summary>
+        /// <returns>String containing the full PEM data including headers and footers.</returns>
+        public string AsPemString() => _pemStringFull;
+
+        /// <summary>
+        /// Returns the Base64-encoded data without PEM headers and footers.
+        /// </summary>
+        /// <returns>Base64 string of the cryptographic data.</returns>
         public string AsBase64() => StripPemHeaderFooter(_pemStringFull);
 
         private static byte[] GetBytesFromPem(string pemData)
@@ -53,17 +73,32 @@ private static string StripPemHeaderFooter(string pemData)
         }
     }
 
+    /// <summary>
+    /// Represents a cryptographic key for testing purposes, supporting both RSA and EC keys.
+    /// Provides conversion methods to standard .NET cryptographic types.
+    /// </summary>
     public class TestKey : TestCrypto
     {
         private readonly string _curve;
         private readonly bool _isPrivate;
 
+        /// <summary>
+        /// Loads a test key from the TestData directory.
+        /// </summary>
+        /// <param name="curve">The curve or key type (e.g., "rsa2048", "secp256r1")</param>
+        /// <param name="isPrivate">True for private key, false for public key</param>
+        /// <returns>A TestKey instance representing the loaded key</returns>
         private TestKey(string filePath, string curve, bool isPrivate) : base(filePath)
         {
             _curve = curve;
             _isPrivate = isPrivate;
         }
 
+        /// <summary>
+        /// Converts the key to an RSA instance if it represents an RSA key.
+        /// </summary>
+        /// <returns>RSA instance initialized with the key data</returns>
+        /// <exception cref="InvalidOperationException">Thrown if the key is not an RSA key</exception>
         public RSA AsRSA()
         {
             if (!_curve.StartsWith("rsa", StringComparison.OrdinalIgnoreCase))
@@ -77,6 +112,11 @@ public RSA AsRSA()
             return rsa;
         }
 
+        /// <summary>
+        /// Converts the key to an ECDsa instance if it represents an EC key.
+        /// </summary>
+        /// <returns>ECDsa instance initialized with the key data</returns>
+        /// <exception cref="InvalidOperationException">Thrown if the key is not an EC key</exception>
         public ECDsa AsECDsa()
         {
             if (_curve.StartsWith("rsa", StringComparison.OrdinalIgnoreCase))
@@ -90,49 +130,83 @@ public ECDsa AsECDsa()
             return ecdsa;
         }
 
+        /// <summary>
+        /// Converts the key to a PIV private key format.
+        /// </summary>
+        /// <returns>PivPrivateKey instance</returns>
         public static TestKey Load(string curve, bool isPrivate)
         {
             var fileName = $"{curve}_{(isPrivate ? "private" : "public")}.pem";
             var filePath = Path.Combine("TestData", fileName);
             return new TestKey(filePath, curve, isPrivate);
         }
-
-        internal PivPrivateKey AsPrivateKey()
-        {
-            return new KeyConverter(_pemStringFull).GetPivPrivateKey();
-        }
-
-        internal PivPublicKey AsPublicKey()
-        {
-            return new KeyConverter(_pemStringFull).GetPivPublicKey();
-        }
     }
 
+    /// <summary>
+    /// Represents an X.509 certificate for testing purposes.
+    /// Supports both regular and attestation certificates.
+    /// </summary>
     public class TestCertificate : TestCrypto
     {
+        /// <summary>
+        /// Indicates whether this certificate is an attestation certificate.
+        /// </summary>
         public readonly bool IsAttestation;
 
         private TestCertificate(string filePath, bool isAttestation) : base(filePath)
         {
             IsAttestation = isAttestation;
         }
 
+        /// <summary>
+        /// Converts the certificate to an X509Certificate2 instance.
+        /// </summary>
+        /// <returns>X509Certificate2 instance initialized with the certificate data</returns>
         public X509Certificate2 AsX509Certificate2()
         {
             return new X509Certificate2(_bytes);
         }
 
+        /// <summary>
+        /// Loads a certificate from the TestData directory.
+        /// </summary>
+        /// <param name="curve">The curve or key type associated with the certificate</param>
+        /// <param name="isAttestation">True if loading an attestation certificate</param>
+        /// <returns>A TestCertificate instance</returns>
         public static TestCertificate Load(string curve, bool isAttestation = false)
         {
-            string fileName = $"{curve}_cert{(isAttestation ? "_attest" : "")}.pem";
-            string filePath = Path.Combine("TestData", fileName);
+            var fileName = $"{curve}_cert{(isAttestation ? "_attest" : "")}.pem";
+            var filePath = Path.Combine("TestData", fileName);
             return new TestCertificate(filePath, isAttestation);
         }
     }
 
+    /// <summary>
+    /// Provides convenient static methods to access test keys and certificates.
+    /// </summary>
     public static class TestKeys
     {
-        public static TestKey GetKey(string curve, bool isPrivate) => TestKey.Load(curve, isPrivate);
+
+        /// <summary>
+        /// Gets a private key for the specified curve.
+        /// </summary>
+        /// <param name="curve">The curve or key type</param>
+        /// <returns>TestKey instance representing the private key</returns>
+        public static TestKey GetPrivateKey(string curve) => TestKey.Load(curve, true);
+
+        /// <summary>
+        /// Gets a public key for the specified curve.
+        /// </summary>
+        /// <param name="curve">The curve or key type</param>
+        /// <returns>TestKey instance representing the public key</returns>
+        public static TestKey GetPublicKey(string curve) => TestKey.Load(curve, false);
+
+        /// <summary>
+        /// Gets a certificate for the specified curve.
+        /// </summary>
+        /// <param name="curve">The curve or key type</param>
+        /// <param name="isAttestation">True to get an attestation certificate</param>
+        /// <returns>TestCertificate instance</returns>s
         public static TestCertificate GetCertificate(string curve, bool isAttestation = false) =>
             TestCertificate.Load(curve, isAttestation);
     }