Merge pull request #197

Consolidated public, private key and certificate test data into manageable class

Author: DennisDyallo

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivAlgorithm.cs

@@ -85,10 +85,15 @@ public enum PivAlgorithm
         /// </summary>
         EccP384 = 0x14,
 
+        /// <summary>
+        /// Indicates that the algorithm is ECC and the parameters are P-521,
+        /// </summary>
+        EccP521 = 0x15,
+
         /// <summary>
         /// Indicates that the slot contains a PIN or PUK (slots 80 and 81).
         /// While not a cryptographic algorithm, it is used in the PIV Metadata.
         /// </summary>
-        Pin = 0xFF
+        Pin = 0xFF,
     }
 }

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/AttestTests.cs

@@ -283,14 +283,14 @@ private static bool LoadAttestationPair(PivAlgorithm algorithm, bool isValidCert
                 var collectorObj = new Simple39KeyCollector();
                 pivSession.KeyCollector = collectorObj.Simple39KeyCollectorDelegate;
 
-                if (SampleKeyPairs.GetKeysAndCertPem(algorithm, isValidCert, out string certPem, out _, out string privateKeyPem) == false)
+                if (SampleKeyPairs.GetKeysAndCertPem(algorithm, isValidCert, out var certPem, out _, out var privateKeyPem) == false)
                 {
                     return false;
                 }
 
-                var cert = new CertConverter(certPem.ToCharArray());
+                var cert = new CertConverter(certPem!.ToCharArray());
                 X509Certificate2 certObj = cert.GetCertObject();
-                var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+                var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
                 PivPrivateKey pivPrivateKey = privateKey.GetPivPrivateKey();
 
                 pivSession.ReplaceAttestationKeyAndCertificate(pivPrivateKey, certObj);

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/CertSizeTests.cs

@@ -32,10 +32,10 @@ public void SingleCertSize_3052(StandardTestDevice testDeviceType)
             using RandomNumberGenerator rng = RandomObjectUtility.GetRandomObject(null);
             using X509Certificate2 caCert = GetCACert();
 
-            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out string pubKey, out string priKey);
-            var convertPublic = new KeyConverter(pubKey.ToCharArray());
+            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out var pubKey, out var priKey);
+            var convertPublic = new KeyConverter(pubKey!.ToCharArray());
             RSA dotNetPublicKey = convertPublic.GetRsaObject();
-            var convertPrivate = new KeyConverter(priKey.ToCharArray());
+            var convertPrivate = new KeyConverter(priKey!.ToCharArray());
             PivPrivateKey pivPrivateKey = convertPrivate.GetPivPrivateKey();
 
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
@@ -88,10 +88,10 @@ public void MultipleCerts_3052(StandardTestDevice testDeviceType)
             using RandomNumberGenerator rng = RandomObjectUtility.GetRandomObject(null);
             using X509Certificate2 caCert = GetCACert();
 
-            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out string pubKey, out string priKey);
-            var convertPublic = new KeyConverter(pubKey.ToCharArray());
+            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out var pubKey, out var priKey);
+            var convertPublic = new KeyConverter(pubKey!.ToCharArray());
             RSA dotNetPublicKey = convertPublic.GetRsaObject();
-            var convertPrivate = new KeyConverter(priKey.ToCharArray());
+            var convertPrivate = new KeyConverter(priKey!.ToCharArray());
             PivPrivateKey pivPrivateKey = convertPrivate.GetPivPrivateKey();
 
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
@@ -132,10 +132,10 @@ public void AllSlot_2079(StandardTestDevice testDeviceType)
             using RandomNumberGenerator rng = RandomObjectUtility.GetRandomObject(null);
             using X509Certificate2 caCert = GetCACert();
 
-            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out string pubKey, out string priKey);
-            var convertPublic = new KeyConverter(pubKey.ToCharArray());
+            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out var pubKey, out var priKey);
+            var convertPublic = new KeyConverter(pubKey!.ToCharArray());
             RSA dotNetPublicKey = convertPublic.GetRsaObject();
-            var convertPrivate = new KeyConverter(priKey.ToCharArray());
+            var convertPrivate = new KeyConverter(priKey!.ToCharArray());
             PivPrivateKey pivPrivateKey = convertPrivate.GetPivPrivateKey();
 
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
@@ -226,11 +226,11 @@ private static X509Certificate2 GetCertWithRandomExtension(
         private static X509Certificate2 GetCACert()
         {
             _ = SampleKeyPairs.GetKeysAndCertPem(
-                PivAlgorithm.Rsa2048, true, out string certPem, out _, out string privateKeyPem);
+                PivAlgorithm.Rsa2048, true, out var certPem, out _, out var privateKeyPem);
 
-            var cert = new CertConverter(certPem.ToCharArray());
+            var cert = new CertConverter(certPem!.ToCharArray());
             X509Certificate2 certObj = cert.GetCertObject();
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             RSA dotnetObj = privateKey.GetRsaObject();
             X509Certificate2 certCopy = certObj.CopyWithPrivateKey(dotnetObj);
 

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/CertTests.cs

@@ -31,11 +31,11 @@ public class CertTests
         [InlineData(StandardTestDevice.Fw5, PivAlgorithm.Rsa4096)]
         public void GetCert_Succeeds(StandardTestDevice targetDevice, PivAlgorithm algorithm)
         {
-            _ = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out var certPem, out string _, out var privateKeyPem);
+            _ = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out var certPem, out var _, out var privateKeyPem);
 
-            var certConverter = new CertConverter(certPem.ToCharArray());
+            var certConverter = new CertConverter(certPem!.ToCharArray());
             var certificate = certConverter.GetCertObject();
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             var pivPrivateKey = privateKey.GetPivPrivateKey();
             var testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(targetDevice);
 
@@ -62,9 +62,9 @@ public void GetCert_NoAuth_Succeeds(StandardTestDevice targetDevice, PivAlgorith
             var isValid = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out var certPem, out _, out var privateKeyPem);
             Assert.True(isValid);
 
-            var certConverter = new CertConverter(certPem.ToCharArray());
+            var certConverter = new CertConverter(certPem!.ToCharArray());
             var certificate = certConverter.GetCertObject();
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             var pivPrivateKey = privateKey.GetPivPrivateKey();
 
             byte slotNumber = 0x8B;

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/DecryptTests.cs

@@ -41,7 +41,7 @@ public void Decrypt_1024_Succeeds(PivPinPolicy pinPolicy, StandardTestDevice tes
             };
 
             _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa1024, false, out _, out _, out var privateKeyPem);
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             var pivPrivateKey = privateKey.GetPivPrivateKey();
 
             var testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
@@ -82,7 +82,7 @@ public void Decrypt_2048_Succeeds(PivPinPolicy pinPolicy, StandardTestDevice tes
             };
 
             _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa2048, false, out _, out _, out var privateKeyPem);
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             var pivPrivateKey = privateKey.GetPivPrivateKey();
 
             var testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
@@ -127,8 +127,8 @@ public void EncryptCSharp_Decrypt_Correct(PivAlgorithm algorithm, byte slotNumbe
             GetArbitraryData(dataToEncrypt);
 
             _ = SampleKeyPairs.GetKeysAndCertPem(algorithm, false, out _, out var pubKeyPem, out var priKeyPem);
-            var pubKey = new KeyConverter(pubKeyPem.ToCharArray());
-            var priKey = new KeyConverter(priKeyPem.ToCharArray());
+            var pubKey = new KeyConverter(pubKeyPem!.ToCharArray());
+            var priKey = new KeyConverter(priKeyPem!.ToCharArray());
 
             using var rsaObject = pubKey.GetRsaObject();
             var encryptedData = rsaObject.Encrypt(dataToEncrypt, rsaPadding);

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/GetPutDataTests.cs

@@ -13,12 +13,10 @@
 // limitations under the License.
 
 using System;
-using System.Security.Cryptography.X509Certificates;
 using Xunit;
 using Yubico.Core.Tlv;
 using Yubico.YubiKey.Piv.Commands;
 using Yubico.YubiKey.Scp;
-using Yubico.YubiKey.Scp03;
 using Yubico.YubiKey.TestUtilities;
 
 namespace Yubico.YubiKey.Piv
@@ -33,7 +31,7 @@ public void Cert_Auth_Req(StandardTestDevice testDeviceType)
                 out var cert, out var privateKey);
             Assert.True(isValid);
 
-            var certDer = cert.GetRawCertData();
+            var certDer = cert!.GetRawCertData();
             byte[] feData = { 0xFE, 0x00 };
             var tlvWriter = new TlvWriter();
             using (tlvWriter.WriteNestedTlv(0x53))
@@ -54,7 +52,7 @@ public void Cert_Auth_Req(StandardTestDevice testDeviceType)
 
                 pivSession.KeyCollector = MgmtKeyOnlyKeyCollectorDelegate;
                 pivSession.AuthenticateManagementKey();
-                pivSession.ImportPrivateKey(PivSlot.Authentication, privateKey, PivPinPolicy.Never,
+                pivSession.ImportPrivateKey(PivSlot.Authentication, privateKey!, PivPinPolicy.Never,
                     PivTouchPolicy.Never);
             }
 

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/ImportTests.cs

@@ -59,11 +59,11 @@ public void KeyAndCertImport(PivAlgorithm algorithm, StandardTestDevice testDevi
             var collectorObj = new Simple39KeyCollector();
             pivSession.KeyCollector = collectorObj.Simple39KeyCollectorDelegate;
 
-            isValid = SampleKeyPairs.GetMatchingKeyAndCert(algorithm, out X509Certificate2 cert, out PivPrivateKey privateKey);
+            isValid = SampleKeyPairs.GetMatchingKeyAndCert(algorithm, out var cert, out var privateKey);
             Assert.True(isValid);
 
-            pivSession.ImportPrivateKey(0x90, privateKey);
-            pivSession.ImportCertificate(0x90, cert);
+            pivSession.ImportPrivateKey(0x90, privateKey!);
+            pivSession.ImportCertificate(0x90, cert!);
         }
 
         [SkippableTheory(typeof(NotSupportedException), typeof(DeviceNotFoundException))]
@@ -76,14 +76,14 @@ public void CertImport(PivAlgorithm algorithm, StandardTestDevice testDeviceType
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
             Assert.True(testDevice.EnabledUsbCapabilities.HasFlag(YubiKeyCapabilities.Piv));
 
-            var isValid = SampleKeyPairs.GetMatchingKeyAndCert(algorithm, out X509Certificate2 cert, out PivPrivateKey _);
+            var isValid = SampleKeyPairs.GetMatchingKeyAndCert(algorithm, out var cert, out var _);
             Assert.True(isValid);
 
             using var pivSession = new PivSession(testDevice);
             var collectorObj = new Simple39KeyCollector();
             pivSession.KeyCollector = collectorObj.Simple39KeyCollectorDelegate;
 
-            pivSession.ImportCertificate(0x90, cert);
+            pivSession.ImportCertificate(0x90, cert!);
         }
     }
 }

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/KeyAgreeTests.cs

@@ -31,15 +31,15 @@ public class KeyAgreeTests
         [InlineData(PivAlgorithm.EccP384, PivPinPolicy.Never, StandardTestDevice.Fw5)]
         public void KeyAgree_Succeeds(PivAlgorithm algorithm, PivPinPolicy pinPolicy, StandardTestDevice testDeviceType)
         {
-            _ = SampleKeyPairs.GetKeysAndCertPem(algorithm, false, out _, out string publicKeyPem, out _);
-            var keyConverter = new KeyConverter(publicKeyPem.ToCharArray());
+            _ = SampleKeyPairs.GetKeysAndCertPem(algorithm, false, out _, out var publicKeyPem, out _);
+            var keyConverter = new KeyConverter(publicKeyPem!.ToCharArray());
             var pivPublicKey = keyConverter.GetPivPublicKey();
             var eccPublicKey = (PivEccPublicKey)pivPublicKey;
             var expectedSecretLength = (eccPublicKey.PublicPoint.Length - 1) / 2;
 
-            var isValid = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out _, out _, out string privateKeyPem);
+            var isValid = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out _, out _, out var privateKeyPem);
             Assert.True(isValid);
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             PivPrivateKey pivPrivateKey = privateKey.GetPivPrivateKey();
 
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
@@ -67,9 +67,9 @@ public void KeyAgree_Succeeds(PivAlgorithm algorithm, PivPinPolicy pinPolicy, St
         public void KeyAgree_MatchesCSharp(PivAlgorithm algorithm, byte slotNumber, int digestAlgorithm, StandardTestDevice testDeviceType)
         {
             // Build the correspondent objects.
-            bool isValid = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out _, out _, out string privateKeyPem);
+            bool isValid = SampleKeyPairs.GetKeysAndCertPem(algorithm, true, out _, out _, out var privateKeyPem);
             Assert.True(isValid);
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
 
             PivPublicKey correspondentPub = privateKey.GetPivPublicKey();
             var correspondentEcc = (PivEccPublicKey)correspondentPub;
@@ -81,7 +81,7 @@ public void KeyAgree_MatchesCSharp(PivAlgorithm algorithm, byte slotNumber, int
 
             // Build the YubiKey objects.
             _ = SampleKeyPairs.GetKeysAndCertPem(algorithm, false, out _, out _, out privateKeyPem);
-            privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
             PivPrivateKey pivPrivateKey = privateKey.GetPivPrivateKey();
 
             ecDsaObject = privateKey.GetEccObject();
@@ -125,8 +125,8 @@ public void KeyAgree_MatchesCSharp(PivAlgorithm algorithm, byte slotNumber, int
         [InlineData(StandardTestDevice.Fw5)]
         public void NoKeyInSlot_KeyAgree_Exception(StandardTestDevice testDeviceType)
         {
-            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.EccP384, false, out _, out string publicKeyPem, out _);
-            var publicKey = new KeyConverter(publicKeyPem.ToCharArray());
+            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.EccP384, false, out _, out var publicKeyPem, out _);
+            var publicKey = new KeyConverter(publicKeyPem!.ToCharArray());
             PivPublicKey pivPublicKey = publicKey.GetPivPublicKey();
 
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/MoveDeleteKeyTests.cs

@@ -75,9 +75,8 @@ public void MoveKey_WithImportedKey(PivAlgorithm expectedAlgorithm)
 
             DeleteKeys(pivSession, sourceSlot, destinationSlot);
 
-            var keyConverter = SampleKeyPairs.GetKeyConverter(expectedAlgorithm);
-            var importedPrivateKey = keyConverter.GetPivPrivateKey();
-            var importedPublicKey = keyConverter.GetPivPublicKey();
+            var importedPrivateKey = SampleKeyPairs.GetPivPrivateKey(expectedAlgorithm);
+            var importedPublicKey =  SampleKeyPairs.GetPivPublicKey(expectedAlgorithm);
 
             pivSession.ImportPrivateKey(sourceSlot, importedPrivateKey);
 

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/OaepTests.cs

@@ -26,10 +26,10 @@ public class OaepTests
         [InlineData(StandardTestDevice.Fw5)]
         public void Parse_FromRsaClass(StandardTestDevice testDeviceType)
         {
-            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa1024, false, out _, out string publicKeyPem, out string privateKeyPem);
+            _ = SampleKeyPairs.GetKeysAndCertPem(PivAlgorithm.Rsa1024, false, out _, out var publicKeyPem, out var privateKeyPem);
 
-            var publicKey = new KeyConverter(publicKeyPem.ToCharArray());
-            var privateKey = new KeyConverter(privateKeyPem.ToCharArray());
+            var publicKey = new KeyConverter(publicKeyPem!.ToCharArray());
+            var privateKey = new KeyConverter(privateKeyPem!.ToCharArray());
 
             byte[] dataToEncrypt = {
                 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,